AVEVA Pipeline Simulation - Critical Vulnerability Exposed

A critical vulnerability in AVEVA Pipeline Simulation has been discovered, allowing unauthorized modifications. Organizations must upgrade their systems to prevent exploitation. Immediate action is necessary to protect critical training data.

Vulnerabilities · CRITICAL

Original Reporting

CISA Advisories · CISA

AI Summary

CyberPings AI · Reviewed by Rohit Rana

🎯 Basically, a flaw lets anyone change important settings in AVEVA's software without permission.

What Happened

A serious vulnerability has been discovered in AVEVA Pipeline Simulation that could allow an unauthenticated attacker to modify critical simulation parameters, training configurations, and training records. This flaw affects all versions of the software up to and including 2025_SP1_build_7.1.9497.6351.

The Flaw

The vulnerability, identified as CVE-2026-5387, is classified as a Missing Authorization issue. It enables attackers to perform operations meant for privileged roles, such as Simulator Instructors or Developers, leading to potential privilege escalation. This could result in unauthorized changes that compromise the integrity of training simulations.

What's at Risk

The risk is significant, especially for organizations in the Critical Manufacturing sector that rely on accurate simulation data for training and operational purposes. If exploited, this vulnerability could disrupt training processes and lead to incorrect operational settings, potentially affecting safety and efficiency.

Patch Status

AVEVA has released a fix for this vulnerability. Users are advised to upgrade to AVEVA Pipeline Simulation 2025 SP1 P01 (build 7.1.9580.8513) or higher to mitigate the risk. The patch addresses the missing authorization issue, ensuring that only authenticated users can modify simulation parameters.

To protect against this vulnerability, organizations should take the following actions:

Containment

  1. Upgrade to the latest version of AVEVA Pipeline Simulation as soon as possible.
  2. Restrict Network Access: Implement host-based and network firewall controls to limit access to the Pipeline Simulation Server API.
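To prioritize the upgrade, an inventory of installed builds can be checked against the two build numbers given under Patch Status. The script below is an added example, not code from AVEVA or CISA; the host names and inventory are constructed, and it assumes the installed version string contains a four-part build number in one of the two spellings this page uses.

```python
import re

# Build numbers as given on this page.
LAST_AFFECTED = (7, 1, 9497, 6351)  # 2025_SP1_build_7.1.9497.6351
FIRST_FIXED = (7, 1, 9580, 8513)    # 2025 SP1 P01 (build 7.1.9580.8513)

# Matches both spellings used above: "build_7.1.x.y" and "build 7.1.x.y".
BUILD_RE = re.compile(r"build[ _](\d+)\.(\d+)\.(\d+)\.(\d+)", re.IGNORECASE)


def parse_build(version_string):
    """Return the build as a tuple of ints, or None if none is present."""
    m = BUILD_RE.search(version_string)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_string):
    """Return 'vulnerable', 'fixed', 'unconfirmed' or 'unparsed'."""
    build = parse_build(version_string)
    if build is None:
        return "unparsed"
    # Int tuples compare numerically: 10012 > 9580 (string compare would not).
    if build <= LAST_AFFECTED:
        return "vulnerable"
    if build >= FIRST_FIXED:
        return "fixed"
    # The page gives no status for builds between the two; flag for review.
    return "unconfirmed"


def triage(inventory):
    """Return (host, status) rows, hosts needing action first."""
    order = {"vulnerable": 0, "unconfirmed": 1, "unparsed": 2, "fixed": 3}
    rows = [(host, classify(ver)) for host, ver in inventory.items()]
    return sorted(rows, key=lambda r: (order[r[1]], r[0]))


# Constructed inventory: hypothetical hosts; 3rd and 4th builds are made up.
SAMPLE_INVENTORY = {
    "sim-train-01": "2025_SP1_build_7.1.9497.6351",
    "sim-train-02": "2025 SP1 P01 (build 7.1.9580.8513)",
    "sim-dev-01": "2025_SP1_build_7.1.9510.1200",
    "sim-dev-02": "build 7.1.10012.100",
    "sim-lab-01": "version not recorded",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY):
        print(f"{host:14} {status}")
```

Hosts reported as unconfirmed or unparsed need a manual check against the vendor's release information before they are treated as patched.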

Conclusion

This vulnerability highlights the importance of maintaining updated software in critical infrastructure systems. Organizations must act quickly to implement the recommended patches and security measures to safeguard their operations.

🔒 Pro Insight

This vulnerability underscores the need for stringent access controls in critical infrastructure systems to prevent unauthorized modifications.
