Primary

Context

PcVue Web Services and Applications HTTP Header Vulnerability Exposing Server Configuration Details

Vulnerability

Patched

A vulnerability exists in the web services and applications of PcVue, specifically in the WebVue, WebScheduler, TouchVue, and SnapVue features, all within versions 12.0.0 to 16.3.3. The issue arises from HTTP headers that are automatically added by IIS and ASP.NET. These headers, which contain sensitive information about the server's configuration, are not removed before deployment, thereby unnecessarily exposing this data.

Impact

The vulnerability could lead to the unintentional disclosure of sensitive server configuration information, which could be leveraged in further attacks.

Remediation

Users can upgrade to PcVue version 16.3.4 to address this vulnerability. For PcVue 15 users, version 15.2.14 is available.

Added: Feb 26, 2026, 10:38 AM

Updated: Feb 26, 2026, 10:38 AM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

6.6

remediation

7.7

relevance

3.2

threat

0.0

urgency

0.0

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

6.6

remediation

7.7

relevance

3.2

threat

0.0

urgency

0.0

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PcVue Web Services and Applications HTTP Header Vulnerability Exposing Server Configuration Details

Vulnerability

Impact

Remediation

Affected Products

PcVue

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating