{“lastseen”:””,”description”:”The vulnerability, if exploited, could allow an unauthenticated miscreant to perform operations\u00a0intended only for Simulator Instructor or Simulator Developer (Administrator) roles, resulting in privilege escalation with potential for modification of simulation parameters, training configuration, and training records.”,”published”:”2026-04-15T15:24:15.623Z”,”modified”:”2026-04-15T15:24:15.623Z”,”type”:”cve”,”title”:”AVEVA Pipeline Simulation Missing Authorization”,”source”:”icscert”,”references”:”https:\/\/www.aveva.com\/content\/dam\/aveva\/documents\/support\/cyber-security-updates\/SecurityBulletin_AVEVA-2026-004.pdf\\nhttps:\/\/softwaresupportsp.aveva.com\/en-US\/downloads\/products\/details\/57b79fdb-7b5f-4125-8a44-833b6b5c6d6f\\nhttps:\/\/www.cisa.gov\/news-events\/ics-advisories\/icsa-26-106-04\\nhttps:\/\/github.com\/cisagov\/CSAF\/blob\/develop\/csaf_files\/OT\/white\/2026\/icsa-26-106-04.json”,”id”:”CVE-2026-5387″,”bulletinFamily”:””,”cwe”:[“CWE-862″],”cvelist”:null,”sourceData”:”AVEVA Pipeline Simulation 2025 0″,”sourceHref”:””,”cvss”:{“score”:9.3,”severity”:”CRITICAL”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:N\/VC:H\/VI:H\/VA:N\/SC:N\/SI:N\/SA:N”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”Pipeline Simulation 2025″,”version”:”0″,”vendor”:”AVEVA”,”ai_description”:”Privilege escalation vulnerability in AVEVA Pipeline Simulation due to missing authorization, allowing unauthenticated attackers to modify simulation parameters and training records.”,”ai_severity”:”Critical”,”ai_vendor”:”AVEVA”,”ai_product”:”Pipeline Simulation”,”ai_version”:”2025″,”ai_score”:9.3}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”The vulnerability, if exploited, could allow an unauthenticated miscreant to perform operations\u00a0intended only for Simulator Instructor or Simulator Developer (Administrator) roles, resulting in privilege escalation…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[9,6,8,55,12,13,7,11,5],"class_list":["post-47233","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-critical","tag-cve","tag-cvss","tag-cvss-93","tag-exploit","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n