AVEVA Pipeline Simulation Missing Authorization Vulnerability Allowing Privilege Escalation

Vulnerability

A vulnerability exists in AVEVA Pipeline Simulation 2025 SP1 (build 7.1.9497.6351) and all prior versions due to missing authorization on certain API methods. This vulnerability could allow an unauthenticated individual to perform actions reserved for Simulator Instructor or Simulator Developer (Administrator) roles. Exploitation of this vulnerability could lead to unauthorized privilege escalation, with the potential to modify simulation parameters, training configurations, and training records.

Impact

Exploitation of this vulnerability could result in unauthorized privilege escalation, allowing an attacker to access and modify simulation parameters, training configurations, and training records.

Remediation

Users can upgrade to AVEVA Pipeline Simulation 2025 SP1 P01 (build 7.1.9580.8513) or higher to address this vulnerability. For more information, visit the AVEVA Software Support site.
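
The following is an added example, not code from AVEVA or from this advisory: it triages an asset inventory against the two build numbers stated above, comparing the four-part build numerically. The host names, the sample builds other than the two boundaries, and the (host, build) inventory format are constructed assumptions; how the build number is collected from each host is outside the example.

```python
# Added example: triage an inventory of build strings against the advisory.
import re

LAST_AFFECTED = (7, 1, 9497, 6351)   # 2025 SP1, from the advisory
FIRST_FIXED = (7, 1, 9580, 8513)     # 2025 SP1 P01, from the advisory

_BUILD_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\.(\d+)\s*$")


def parse_build(text):
    """Return a 4-tuple of ints, or None if text is not a four-part build."""
    m = _BUILD_RE.match(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(build_text):
    """Map a build string to 'affected', 'fixed', 'unknown' or 'unparseable'."""
    build = parse_build(build_text)
    if build is None:
        return "unparseable"
    # Tuples compare numerically field by field, so 7.1.10000.0 sorts
    # above 7.1.9580.8513 (a plain string comparison would get this wrong).
    if build <= LAST_AFFECTED:
        return "affected"
    if build >= FIRST_FIXED:
        return "fixed"
    # The advisory does not describe builds between the two boundaries.
    return "unknown"


def triage(inventory):
    """Group host names by classification; inventory is (host, build) pairs."""
    result = {"affected": [], "fixed": [], "unknown": [], "unparseable": []}
    for host, build_text in inventory:
        result[classify(build_text)].append(host)
    return result


# Constructed sample inventory (host names and most builds are made up).
SAMPLE_INVENTORY = [
    ("sim-train-01", "7.1.9497.6351"),
    ("sim-train-02", "7.0.8800.1200"),
    ("sim-train-03", "7.1.9580.8513"),
    ("sim-train-04", "7.1.10000.0"),
    ("sim-train-05", "7.1.9520.100"),
    ("sim-train-06", "2025 SP1"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:12} {', '.join(hosts) or '-'}")
```

Hosts reported as unknown or unparseable need a manual check, since the advisory only defines the last affected and first fixed builds.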

Added: Apr 15, 2026, 4:26 PM
Updated: Apr 15, 2026, 4:26 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 0.0
relevance: 5.7
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.