All CISA Advisories, EN

AVEVA Process Optimization

2026-01-15 19:01

Summary

Successful exploitation of these vulnerabilities could enable an attacker to execute remote code, perform SQL injection, escalate privileges, or access sensitive information.

The following versions of AVEVA Process Optimization are affected:

Process Optimization (CVE-2025-61937, CVE-2025-64691, CVE-2025-61943, CVE-2025-65118, CVE-2025-64729, CVE-2025-65117, CVE-2025-64769)

CVSS	Vendor	Equipment	Vulnerabilities
v3 10	AVEVA	AVEVA Process Optimization	Improper Control of Generation of Code (‘Code Injection’), Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’), Uncontrolled Search Path Element, Missing Authorization, Use of Potentially Dangerous Function, Cleartext Transmission of Sensitive Information

Background

Critical Infrastructure Sectors: Critical Manufacturing
Countries/Areas Deployed: Worldwide
Company Headquarters Location: United Kingdom

Vulnerabilities

CVE-2025-61937

The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS System privileges of “taoimr” service, potentially resulting in complete compromise of the Model Application Server.

View CVE Details

Affected Products

AVEVA Process Optimization

Vendor:
AVEVA

Product Version:
AVEVA Process Optimization: <=2024.1

Product Status:
known_affected

Remediations

Mitigation[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from All CISA Advisories

Read the original article:

AVEVA Process Optimization

Share this:
Facebook
X
LinkedIn
Like this:
Like Loading...

Related

Tags: All CISA Advisories EN

Post navigation

← Empowering Latinas in Cybersecurity

2025 Threat Landscape in Review: Lessons for Businesses Moving Into 2026 →

Search for:
Pages

Advertising

Contact

Legal and Contact information

Opt-out preferences

Privacy Policy

Social Media

Apps

Telegram Channel

Recent Posts

DevSecOps for MLOps: Securing the Full Machine Learning Lifecycle January 15, 2026

Promptware Kill Chain – Five-Step Kill Chain Model for Analyzing Cyberthreats January 15, 2026

Hackers Abusing Legitimate Cloud and CDN Platforms to Host Phishing Kits January 15, 2026

NDSS 2025 – “Who Is Trying To Access My Account?” January 15, 2026

IT Security News Hourly Summary 2026-01-15 21h : 7 posts January 15, 2026

Check Point Research: VoidLink Shows Cloud-Native Linux Malware Evolving January 15, 2026

Elon Musk’s Grok ‘Undressing’ Problem Isn’t Fixed January 15, 2026

10 important incident response metrics and how to use them January 15, 2026

Contagious Claude Code bug Anthropic ignored promptly spreads to Cowork January 15, 2026

Predicting 2026 January 15, 2026

Why ICE Can Kill With Impunity January 15, 2026

Iran’s internet shutdown is now one of its longest ever, as protests continue January 15, 2026

Forget Predictions: True 2026 Cybersecurity Priorities From Leaders January 15, 2026

Researchers Disrupt Major Botnet Network After It Infects Millions of Android Devices January 15, 2026

Introducing ÆSIR: Finding Zero-Day Vulnerabilities at the Speed of AI January 15, 2026

Most Inspiring Women in Cyber 2026: Meet The Judges January 15, 2026

New StackWarp Attack Threatens Confidential VMs on AMD Processors January 15, 2026

2025 Threat Landscape in Review: Lessons for Businesses Moving Into 2026 January 15, 2026

AVEVA Process Optimization January 15, 2026

Empowering Latinas in Cybersecurity January 15, 2026

Copyright © 2026 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com.

Manage Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options

Manage services

Manage {vendor_count} vendors

Read more about these purposes

View preferences

{title}

{title}

{title}