AVEVA Pipeline Simulation Missing Authorization_CVE-2026-5387

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Description

The vulnerability, if exploited, could allow an unauthenticated miscreant to perform operations intended only for Simulator Instructor or Simulator Developer (Administrator) roles, resulting in privilege escalation with potential for modification of simulation parameters, training configuration, and training records.

AI Analysis

Privilege escalation vulnerability in AVEVA Pipeline Simulation due to missing authorization, allowing unauthenticated attackers to modify simulation parameters and training records.

Basic Information

ID CVE-2026-5387

Source icscert

Published Apr 15, 2026 at 15:24

Affected Product

Vendor AVEVA

Product Pipeline Simulation 2025

Affected Versions AVEVA Pipeline Simulation 2025 0

CWE Classification

CWE-862

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor AVEVA

Product Pipeline Simulation

Version 2025

References

{
    "lastseen": "",
    "description": "The vulnerability, if exploited, could allow an unauthenticated miscreant to perform operations\u00a0intended only for Simulator Instructor or Simulator Developer (Administrator) roles, resulting in privilege escalation with potential for modification of simulation parameters, training configuration, and training records.",
    "published": "2026-04-15T15:24:15.623Z",
    "modified": "2026-04-15T15:24:15.623Z",
    "type": "cve",
    "title": "AVEVA Pipeline Simulation Missing Authorization",
    "source": "icscert",
    "references": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2026-004.pdf\nhttps://softwaresupportsp.aveva.com/en-US/downloads/products/details/57b79fdb-7b5f-4125-8a44-833b6b5c6d6f\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-26-106-04\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-04.json",
    "id": "CVE-2026-5387",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "AVEVA Pipeline Simulation 2025 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Pipeline Simulation 2025",
    "version": "0",
    "vendor": "AVEVA",
    "ai_description": "Privilege escalation vulnerability in AVEVA Pipeline Simulation due to missing authorization, allowing unauthenticated attackers to modify simulation parameters and training records.",
    "ai_severity": "Critical",
    "ai_vendor": "AVEVA",
    "ai_product": "Pipeline Simulation",
    "ai_version": "2025",
    "ai_score": 9.3
}