安全公告
安全公告
尽管我们在产品设计、开发和封装过程中采用了严格的方法和预防措施,安全漏洞仍可能出现。请及时关注PcVue安全更新和网络安全警报。
本页面列出了ARC Informatique 公司所有已知产品的安全警报。请定期访问本页面以获取最新信息。我们高度重视安全漏洞问题,始终秉持快速响应的政策与实践,协助您确保系统安全。安全公告将向客户详细说明漏洞详情并提供缓解措施指导。
如需报告安全漏洞或提供反馈,您可以通过 Vulnerability Disclosure Policy “联系方式”部分指定的联络渠道与我们取得联系。
影响PcVue基于TCP的客户端/服务器网络功能的多个漏洞.
CVE Id: CVE-2025-9998, CVE-2025-9999
已修复版本: PcVue 12.0.31, PcVue 15.2.12, PcVue 16.3.1
PcVue 15
在进行TCP连接洪水攻击时,检测到一个潜在漏洞,该漏洞会触发竞争条件导致双重释放问题,从而使服务器无响应或崩溃(造成拒绝服务攻击).
此问题已在UaGateway 1.6.1版本中修复
PcVue 15
PcVue 15
PcVue 12
PcVue 15
PcVue 12
IEC 61850客户端驱动中存在缓冲区溢出漏洞.
CVE Id : CVE-2024-34057
已修复版本: PcVue 12.0.30, PcVue 15.2.9, PcVue 16.1.2, PcVue 16.2.0
使用存在漏洞版本的OpenSSL库.
CVE Id: CVE-2022-4304
已修复版本: PcVue 16.1.0 (OpenSSL 3.1.2), PcVue 16.2.0 (OpenSSL 3.2.1)
CVE Id: CVE-2023-4807, CVE-2023-5678
Fixed in: PcVue 16.1.2 (OpenSSL 3.2.0), PcVue 16.2.0 (OpenSSL 3.2.1)
PcVue 15
PcVue 12
Remote Code Execution vulnerability in the Microsoft Visual Basic for Applications runtime
CVE Id: CVE-2010-0815 (MS10-031), CVE-2012-1854 (MS12-046)
Patch provided with:
- PcVue 12.0.30, PcVue 15.2.8, PcVue 16.0.4, PcVue 16.1.1, PcVue 16.2.0
- FrontVue 12.0.30, FrontVue 15.2.8, FrontVue 16.1.1, FrontVue 16.2.0
FrontVue version 4.2 to 16.1
Multiple vulnerabilities have been fixed in the UaGateway :
Fixed in UaGateway 1.5.13
CVE-2022-4304 – OpenSSL library
CVE-2023-0286 – OpenSSL library
ZDI-CAN-20353 – Certificate Parsing Integer Overflow Denial-of-Service
ZDI-CAN-20494 – Improper Input Validation Denial-of-Service
ZDI-CAN-20495 – Null Pointer Dereference Denial-of-Service
ZDI-CAN-20497 – Use-After-Free Denial-of-Service
Fixed in UaGateway version 1.5.14
ZDI-CAN-20497 – Use-After-Free Denial-of-Service
ZDI-CAN-20576 – AddServer XML Injection Denial-of-Service
ZDI-CAN-20577 – NodeManagerOpcUa Use-After-Free Remote Code Execution
A vulnerability affects the configuration of SMS & Email Accounts.
CVE Id: CVE-2022-4312
Fixed in PcVue 12.0.28 and PcVue 15.2.4
A Denial of Service vulnerability affects the IEC 61850 client driver and the ICCP/TASE.2 interface.
CVE Id: CVE-2022-38138
Fixed in PcVue 12.0.28 and PcVue 15.2.3
A Denial of Service vulnerability affects the IEC 61850 client driver and the ICCP/TASE.2 interface.
CVE Id: CVE-2022-38138
Fixed in PcVue 12.0.28 and PcVue 15.2.3
ICCP/TASE.2 : PcVue 15.1
A vulnerability affects the configuration of the OAuth web service.
CVE Id: CVE-2022-2569
Fixed in PcVue 12.0.27 and PcVue 15.2.3
PcVue 12
During the Miami Pwn2Own contest the Zero Days Initiative (ZDI) reported multiple vulnerabilities.
CVE Id: CVE-2022-29862, CVE-2022-29864
Fixed in UaGateway version 1.5.10
CVE-2021-45117 – OPC Foundation, autogenerated ANSI C Stack Stubs
CVE-2022-0778 – OpenSSL library
Fixed in UaGateway version 1.5.9
Ocean Data Systems Dream Report privilege escalation vulnerabilities.
Dream Report 5 : CVE-2020-13532, CVE-2020-13533, CVE-2020-13534
Dream Report 2020 : CVE-2021-21957
Fixed in Dream Report 2020 R2 SP1
Timeline and concerns related to the Apache Log4j vulnerability
CVE-2021-44228, CVE-2021-45046
3 vulnerabilities affect the interface between the Web & Mobile back end and the web services hosted in Microsoft IIS
ICS-ALERT-18-011-01B: Timeline and concerns related to the Microsoft Windows updates designed to mitigate the Meltdown & Spectre vulnerabilities
FrontVue
PlantVue
Partner products
ICSA-12-024-01: Ocean Data Systems Dream Reports XSS and write access violation vunlerabilities.
ActiveBar, a 3rd party component used in our products is subject to an alert: ICS-ALERT-11-271-01
More information is available at Microsoft KB2562937
Microsoft released a Windows security update addressing this issue in August 2011.
FrontVue – All versions
PlantVue – All versions
ICS-ALERT-11-271-01: PcVue HMI/SCADA multiple ActiveX Vulnerabilities
CVE-2011-4042, CVE-2011-4043, CVE-2011-4044, CVE-2011-4045
FrontVue – All versions
PlantVue – All versions
