Pcvue
by Arcinfo
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-4044 | 0.05 | — | 0.27 | Apr 3, 2012 | An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to modify files via calls to unknown methods. | |||
| CVE-2011-4043 | 0.04 | — | 0.07 | Apr 3, 2012 | Integer overflow in an unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code via a large value for an integer parameter, leading to a buffer overflow. | |||
| CVE-2011-4042 | 0.04 | — | 0.06 | Apr 3, 2012 | An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code by using a crafted HTML document to obtain control of a function pointer. | |||
| CVE-2011-4045 | 0.03 | — | 0.04 | Apr 3, 2012 | Buffer overflow in an unspecified ActiveX control in aipgctl.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to cause a denial of service via a crafted HTML document. | |||
| CVE-2026-1698 | 0.00 | — | 0.00 | Feb 26, 2026 | A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints… | |||
| CVE-2026-1697 | 0.00 | — | 0.00 | Feb 26, 2026 | The Secure and SameSite attribute are missing in the GraphicalData web services and WebClient web app of PcVue in version 12.0.0 through 16.3.3 included. | |||
| CVE-2026-1696 | 0.00 | — | 0.00 | Feb 26, 2026 | Some HTTP security headers are not properly set by the web server when sending responses to the client application. | |||
| CVE-2026-1695 | 0.00 | — | 0.00 | Feb 26, 2026 | An XSS vulnerability affects the OAuth web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to trick a legitimate user into loading content from another site upon… | |||
| CVE-2026-1694 | 0.00 | — | 0.00 | Feb 26, 2026 | HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It unnecessarily exposes… | |||
| CVE-2026-1693 | 0.00 | — | 0.00 | Feb 26, 2026 | The OAuth grant type Resource Owner Password Credentials (ROPC) flow is still used by the werbservices used by the WebVue, WebScheduler, TouchVue and Snapvue features of PcVue in version 12.0.0 through 16.3.3 included despite being deprecated. It might allow a remote attacker to… | |||
| CVE-2026-1692 | 0.00 | — | 0.00 | Feb 26, 2026 | A missing origin validation in WebSockets vulnerability affects the GraphicalData web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to lure a successfully… | |||
| CVE-2020-26867 | 0.00 | — | 0.04 | Oct 12, 2020 | ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, which may allow an attacker to remotely execute arbitrary code on the web and mobile back-end server. | |||
| CVE-2020-26868 | 0.00 | — | 0.02 | Oct 12, 2020 | ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a denial-of-service attack due to the ability of an unauthorized user to modify information used to validate messages sent by legitimate web clients. This issue also affects third-party systems based on the Web… |
- CVE-2011-4044Apr 3, 2012risk 0.05cvss —epss 0.27
An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to modify files via calls to unknown methods.
- CVE-2011-4043Apr 3, 2012risk 0.04cvss —epss 0.07
Integer overflow in an unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code via a large value for an integer parameter, leading to a buffer overflow.
- CVE-2011-4042Apr 3, 2012risk 0.04cvss —epss 0.06
An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code by using a crafted HTML document to obtain control of a function pointer.
- CVE-2011-4045Apr 3, 2012risk 0.03cvss —epss 0.04
Buffer overflow in an unspecified ActiveX control in aipgctl.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to cause a denial of service via a crafted HTML document.
- CVE-2026-1698Feb 26, 2026risk 0.00cvss —epss 0.00
A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints…
- CVE-2026-1697Feb 26, 2026risk 0.00cvss —epss 0.00
The Secure and SameSite attribute are missing in the GraphicalData web services and WebClient web app of PcVue in version 12.0.0 through 16.3.3 included.
- CVE-2026-1696Feb 26, 2026risk 0.00cvss —epss 0.00
Some HTTP security headers are not properly set by the web server when sending responses to the client application.
- CVE-2026-1695Feb 26, 2026risk 0.00cvss —epss 0.00
An XSS vulnerability affects the OAuth web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to trick a legitimate user into loading content from another site upon…
- CVE-2026-1694Feb 26, 2026risk 0.00cvss —epss 0.00
HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It unnecessarily exposes…
- CVE-2026-1693Feb 26, 2026risk 0.00cvss —epss 0.00
The OAuth grant type Resource Owner Password Credentials (ROPC) flow is still used by the werbservices used by the WebVue, WebScheduler, TouchVue and Snapvue features of PcVue in version 12.0.0 through 16.3.3 included despite being deprecated. It might allow a remote attacker to…
- CVE-2026-1692Feb 26, 2026risk 0.00cvss —epss 0.00
A missing origin validation in WebSockets vulnerability affects the GraphicalData web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to lure a successfully…
- CVE-2020-26867Oct 12, 2020risk 0.00cvss —epss 0.04
ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, which may allow an attacker to remotely execute arbitrary code on the web and mobile back-end server.
- CVE-2020-26868Oct 12, 2020risk 0.00cvss —epss 0.02
ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a denial-of-service attack due to the ability of an unauthorized user to modify information used to validate messages sent by legitimate web clients. This issue also affects third-party systems based on the Web…