CVE-2026-5387
AVEVA Pipeline Simulation Missing Authorization
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
The vulnerability, if exploited, could allow an unauthenticated miscreant to perform operations intended only for Simulator Instructor or Simulator Developer (Administrator) roles, resulting in privilege escalation with potential for modification of simulation parameters, training configuration, and training records.
| CWE | CWE-862 |
| Vendor | aveva |
| Product | pipeline simulation 2025 |
| Published | Apr 15, 2026 |
| Last Updated | Apr 15, 2026 |
Stay Ahead of the Next One
Get instant alerts for aveva pipeline simulation 2025
Be the first to know when new unknown vulnerabilities affecting aveva pipeline simulation 2025 are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
AVEVA / Pipeline Simulation 2025
0 ≤ 2025 SP1 (build 7.1.9497.6351)
References
aveva.com: https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2026-004.pdf softwaresupportsp.aveva.com: https://softwaresupportsp.aveva.com/en-US/downloads/products/details/57b79fdb-7b5f-4125-8a44-833b6b5c6d6f cisa.gov: https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-04 github.com: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-04.json