AVEVA Pipeline Simulation

p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-04.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong Successful exploitation of this vulnerability could allow an unauthenticated attacker to modify simulation parameters, training configuration and training records. /strong /p p The following versions of AVEVA Pipeline Simulation are affected: /p ul li Pipeline Simulation lt;=2025_SP1_build_7.1.9497.6351 /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 9.1 /td td AVEVA /td td AVEVA Pipeline Simulation /td td Missing Authorization /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Critical Manufacturing /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong United Kingdom /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2026-5387 /a /h3 div class="csaf-accordion-content" p The vulnerability, if exploited, could allow an unauthenticated miscreant to perform operations intended only for Simulator Instructor or Simulator Developer (Administrator) roles, resulting in privilege escalation with potential for modification of simulation parameters, training configuration, and training records. /p p a href="https://www.cve.org/CVERecord?id=CVE-2026-5387" View CVE Details /a /p hr h4 Affected Products /h4 h5 AVEVA Pipeline Simulation /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br AVEVA /div div class="ics-version" strong Product Version: /strong br AVEVA Pipeline Simulation: lt;=2025_SP1_build_7.1.9497.6351 /div div class="ics-status" strong Product Status: /strong br known_affected /div /div div class="ics-remediations" h6 Remediations /h6 p strong Vendor fix /strong br All affected versions can be fixed by upgrading to AVEVA Pipeline Simulation 2025 SP1 P01 (build 7.1.9580.8513) or higher. (https://softwaresupportsp.aveva.com/en-US/downloads/products/details/57b79fdb-7b5f-4125-8a44-833b6b5c6d6f) br a href="https://softwaresupportsp.aveva.com/en-US/downloads/products/details/57b79fdb-7b5f-4125-8a44-833b6b5c6d6f" https://softwaresupportsp.aveva.com/en-US/downloads/products/details/57b79fdb-7b5f-4125-8a44-833b6b5c6d6f /a /p p strong Mitigation /strong br For more information, please see AVEVA's security bulletin AVEVA-2026-004 (https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2026-004.pdf). br a href="https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-u