All CISA Advisories, EN

AVEVA Process Optimization

2026-01-15 19:01

Summary

Successful exploitation of these vulnerabilities could enable an attacker to execute remote code, perform SQL injection, escalate privileges, or access sensitive information.

The following versions of AVEVA Process Optimization are affected:

Process Optimization (CVE-2025-61937, CVE-2025-64691, CVE-2025-61943, CVE-2025-65118, CVE-2025-64729, CVE-2025-65117, CVE-2025-64769)

CVSS	Vendor	Equipment	Vulnerabilities
v3 10	AVEVA	AVEVA Process Optimization	Improper Control of Generation of Code (‘Code Injection’), Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’), Uncontrolled Search Path Element, Missing Authorization, Use of Potentially Dangerous Function, Cleartext Transmission of Sensitive Information

Background

Critical Infrastructure Sectors: Critical Manufacturing
Countries/Areas Deployed: Worldwide
Company Headquarters Location: United Kingdom

Vulnerabilities

CVE-2025-61937

The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS System privileges of “taoimr” service, potentially resulting in complete compromise of the Model Application Server.

View CVE Details

Affected Products

AVEVA Process Optimization

Vendor:
AVEVA

Product Version:
AVEVA Process Optimization: <=2024.1

Product Status:
known_affected

Remediations

Mitigation[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from All CISA Advisories

Read the original article:

AVEVA Process Optimization

Share this:
Facebook
X
LinkedIn
Like this:
Like Loading...

Related

Tags: All CISA Advisories EN

Post navigation

← Empowering Latinas in Cybersecurity

2025 Threat Landscape in Review: Lessons for Businesses Moving Into 2026 →

Search for:
Pages

Advertising

Contact

Legal and Contact information

Opt-out preferences

Privacy Policy

Social Media

Apps

Telegram Channel

Recent Posts

Predicting 2026 January 15, 2026

Why ICE Can Kill With Impunity January 15, 2026

Iran’s internet shutdown is now one of its longest ever, as protests continue January 15, 2026

Forget Predictions: True 2026 Cybersecurity Priorities From Leaders January 15, 2026

Researchers Disrupt Major Botnet Network After It Infects Millions of Android Devices January 15, 2026

Introducing ÆSIR: Finding Zero-Day Vulnerabilities at the Speed of AI January 15, 2026

Most Inspiring Women in Cyber 2026: Meet The Judges January 15, 2026

New StackWarp Attack Threatens Confidential VMs on AMD Processors January 15, 2026

2025 Threat Landscape in Review: Lessons for Businesses Moving Into 2026 January 15, 2026

AVEVA Process Optimization January 15, 2026

Empowering Latinas in Cybersecurity January 15, 2026

Fortinet FortiSIEM Vulnerability CVE-2025-64155 Actively Exploited in Attacks January 15, 2026

Vibe Coding Tested: AI Agents Nail SQLi but Fail Miserably on Security Controls January 15, 2026

GhostPoster Browser Malware Hid for 5 Years With 840,000 Installs January 15, 2026

AI Security: What Enterprises Are Getting Wrong January 15, 2026

AI Agent Integration Can Become a Problem in Workplace Operations January 15, 2026

IT Security News Hourly Summary 2026-01-15 18h : 7 posts January 15, 2026

Russia-Linked Lynx Gang Claims Ransomware Attack on CSA Tax & Advisory January 15, 2026

Google Appears to Be Preparing Gemini Integration for Chrome on Android January 15, 2026

Wordfence Intelligence Weekly WordPress Vulnerability Report (January 5, 2026 to January 11, 2026) January 15, 2026

Copyright © 2026 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com.

Manage Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options

Manage services

Manage {vendor_count} vendors

Read more about these purposes

View preferences

{title}

{title}

{title}