Insertion of Sensitive Information into Log File vulnerability in AVEVA...

6.5 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Description

The vulnerability, if exploited, could allow an attacker with Event Log Reader (S-1-5-32-573) privileges to obtain proxy details, including URL and proxy credentials, from the PI to CONNECT event log files. This could enable unauthorized access to the proxy server.

Basic Information

ID CVE-2026-1495

Source icscert

Published Feb 10, 2026 at 20:18

Affected Product

Vendor AVEVA

Product PI to CONNECT Agent

Affected Versions AVEVA PI to CONNECT Agent 0

CWE Classification

CWE-532

References

www.cisa.gov /news-events/ics-advisories/icsa-26-041-04

{
    "lastseen": "",
    "description": "The vulnerability, if exploited, could allow an attacker with Event Log Reader (S-1-5-32-573) privileges to obtain proxy details, including URL and proxy credentials, from the PI to CONNECT event log files. This could enable unauthorized access to the proxy server.",
    "published": "2026-02-10T20:18:10.844Z",
    "modified": "2026-02-10T20:18:10.844Z",
    "type": "cve",
    "title": "Insertion of Sensitive Information into Log File vulnerability in AVEVA PI to CONNECT Agent",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-041-04",
    "id": "CVE-2026-1495",
    "bulletinFamily": "",
    "cwe": [
        "CWE-532"
    ],
    "cvelist": null,
    "sourceData": "AVEVA PI to CONNECT Agent 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "PI to CONNECT Agent",
    "version": "0",
    "vendor": "AVEVA",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Insertion of Sensitive Information into Log File vulnerability in AVEVA PI to CONNECT Agent_CVE-2026-1495