AVEVA Pipeline Simulation
Summary
A critical vulnerability has been identified in AVEVA Pipeline Simulation software, affecting versions up to and including 2025_SP1_build_7.1.9497.6351. Successful exploitation by an unauthenticated attacker could allow for unauthorized modification of simulation parameters, training configurations, and training records, impacting critical manufacturing sectors worldwide.
IFF Assessment
This vulnerability allows an unauthenticated attacker to gain unauthorized access and modify critical system parameters, posing a direct threat to operational integrity.
Severity
The CVSS score of 9.1 reflects the high severity of the 'Missing Authorization' vulnerability. It allows unauthenticated attackers to escalate privileges and modify simulation data, which has a significant impact on the confidentiality, integrity, and potentially availability of the affected industrial control system.
Defender Context
This vulnerability in AVEVA Pipeline Simulation highlights the ongoing risks to operational technology (OT) systems within critical infrastructure. Defenders should prioritize patching affected systems and reviewing access controls to prevent unauthorized modifications that could disrupt operations or training.