VYPR
Vendor

PcVue

Products
1
CVEs
9
Across products
9
Status
Private

Products

1

Recent CVEs

9
  • CVE-2025-9999HigSep 5, 2025
    risk 0.49cvss epss 0.00

    Some payload elements of the messages sent between two stations in a networking architecture are not properly checked on the receiving station allowing an attacker to execute unauthorized commands in the application.

  • CVE-2025-4384MedMay 6, 2025
    risk 0.39cvss epss 0.00

    The MQTT add-on of PcVue fails to verify that a remote device’s certificate has not already expired or has not yet become valid. This allows malicious devices to present certificates that are not rejected properly. The use of a client certificate reduces the risk for random…

  • CVE-2022-4312MedDec 12, 2022
    risk 0.36cvss 5.5epss 0.00

    A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could allow an unauthorized user with access the email and short messaging service (SMS) accounts configuration files to discover the associated simple mail transfer…

  • CVE-2024-12056LowDec 4, 2024
    risk 0.15cvss epss 0.00

    The Client secret is not checked when using the OAuth Password grant type. By exploiting this vulnerability, an attacker could connect to a web server using a client application not explicitly authorized as part of the OAuth deployment. Exploitation requires valid credentials…

  • CVE-2024-12057LowDec 9, 2024
    risk 0.12cvss epss 0.00

    User credentials (login & password) are inserted into log files when a user tries to authenticate using a version of a Web client that is not compatible with that of the PcVue Web back end. By exploiting this vulnerability, an attacker could retrieve the credentials of a user by…

  • CVE-2026-1698Feb 26, 2026
    risk 0.00cvss epss 0.00

    A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints…

  • CVE-2026-1697Feb 26, 2026
    risk 0.00cvss epss 0.00

    The Secure and SameSite attribute are missing in the GraphicalData web services and WebClient web app of PcVue in version 12.0.0 through 16.3.3 included.

  • CVE-2026-1695Feb 26, 2026
    risk 0.00cvss epss 0.00

    An XSS vulnerability affects the OAuth web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to trick a legitimate user into loading content from another site upon…

  • CVE-2026-1694Feb 26, 2026
    risk 0.00cvss epss 0.00

    HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It unnecessarily exposes…