CVE-2025-61937
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2026-01-16
Last updated on: 2026-01-22
Assigner: ICS-CERT
Description
Description
The vulnerability, if exploited, could allow an unauthenticated
miscreant to achieve remote code execution under OS system privileges of
“taoimr” service, potentially resulting in complete compromise of the model application server.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| aveva | process_optimization | to 2025 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an unauthenticated attacker to remotely execute code with OS system privileges through the 'taoimr' service. Exploiting it could lead to a complete compromise of the model application server.
How can this vulnerability impact me? :
If exploited, this vulnerability can result in full control over the affected model application server by an attacker, potentially leading to data loss, unauthorized access, service disruption, and further network compromise.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70