CVE-2026-1697
Missing Secure and SameSite Attributes in PcVue Web Services
Publication date: 2026-02-26
Last updated on: 2026-03-12
Assigner: arcinfo
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| arcinformatique | pcvue | From 16.0.0 (inc) to 16.3.4 (exc) |
| arcinformatique | pcvue | From 12.0.0 (inc) to 15.2.13 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-614 | The Secure attribute for sensitive cookies in HTTPS sessions is not set. |
| CWE-1275 | The SameSite attribute for sensitive cookies is not set, or an insecure value is used. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the absence of the Secure and SameSite attributes in the GraphicalData web services and the WebClient web application of PcVue versions 12.0.0 through 16.3.3. These attributes are important for securing cookies used in web applications.
How can this vulnerability impact me? :
Without the Secure and SameSite attributes, cookies may be more vulnerable to interception or cross-site request forgery (CSRF) attacks, potentially allowing attackers to hijack user sessions or perform unauthorized actions within the affected web services and applications.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know