ArcinfoCVEs & Vulnerabilities

12 CVEs affecting Arcinfo products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

pcvue 12frontvue 4plantvue 4
CVE-2026-14868MEDIUM

The encryption algorithm used to protect the configuration of user accounts, stored in the built-in user directory of PcVue projects, all versions prior to 17.0.0, is not strong enough for the level of protection required. A local attacker could alter the existing configuration and ultimately gain privileged access to the PcVue application.

7 Jul 2026
5.5
CVSS
CVE-2026-14867MEDIUM

Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A local attacker could retrieve users’ credentials.  Active Directory accounts are not affected by this vulnerability.

7 Jul 2026
5.5
CVSS
CVE-2022-4312MEDIUM

A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could allow an unauthorized user with access the email and short messaging service (SMS) accounts configuration files to discover the associated simple mail transfer protocol (SMTP) account credentials and the SIM card PIN code. Successful exploitation of this vulnerability could allow an unauthorized user access to the underlying email account and SIM card.

12 Dec 2022
5.5
CVSS
CVE-2022-4311MEDIUM

An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2. This could allow a user with access to the log files to discover connection strings of data sources configured for the DbConnect, which could include credentials. Successful exploitation of this vulnerability could allow other users unauthorized access to the underlying data sources.

12 Dec 2022
6.5
CVSS
CVE-2022-2569MEDIUM

The affected device stores sensitive information in cleartext, which may allow an authenticated user to access session data stored in the OAuth database belonging to legitimate users

24 Aug 2022
5.5
CVSS
CVE-2020-26869HIGH

ARC Informatique PcVue prior to version 12.0.17 is vulnerable to information exposure, allowing unauthorized users to access session data of legitimate users. This issue also affects third-party systems based on the Web Services Toolkit.

12 Oct 2020
7.5
CVSS
CVE-2020-26868HIGH

ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a denial-of-service attack due to the ability of an unauthorized user to modify information used to validate messages sent by legitimate web clients. This issue also affects third-party systems based on the Web Services Toolkit.

12 Oct 2020
7.5
CVSS
CVE-2020-26867CRITICAL

ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, which may allow an attacker to remotely execute arbitrary code on the web and mobile back-end server.

12 Oct 2020
9.8
CVSS
CVE-2011-4045MEDIUMpoc

Buffer overflow in an unspecified ActiveX control in aipgctl.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to cause a denial of service via a crafted HTML document.

3 Apr 2012
4.3
CVSS
CVE-2011-4044MEDIUMpoc

An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to modify files via calls to unknown methods.

3 Apr 2012
5.8
CVSS
CVE-2011-4043CRITICALpoc

Integer overflow in an unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code via a large value for an integer parameter, leading to a buffer overflow.

3 Apr 2012
9.3
CVSS
CVE-2011-4042CRITICALpoc

An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code by using a crafted HTML document to obtain control of a function pointer.

3 Apr 2012
9.3
CVSS
← PrevPage 1 / 1Next →