ICSA-20-308-03  ·  Published 2021-01-05

ARC Informatique PcVue (Update A)

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, expose sensitive data, and prevent legitimate users from connecting to PcVue services.

Remediations

  • ARC Informatique recommends upgrading PcVue to v12.0.17. Contact PcVue Support to receive instructions on downloading and installing the latest software version.
  • Patches are available for Version 12 (12.0.17 Maintenance Release) and Version 11.2 (11.2.06097 Update).
  • Uninstall the web and mobile backend. Users not using the affected components should uninstall them. If the components are not required, do not install them.
  • Harden firewall configuration by ensuring that incoming connections on the corresponding port are authorized only if initiated by the IIS Web Server process. The listening port is configurable (default 8090) and may have been changed on the system using the Application Explorer.
  • For more information on this issue, please see Security Bulletin 2020-1 on the ARC Informatique security page.
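
To check the firewall-hardening item above on a PcVue host, the following PowerShell audit is an added example, not part of the advisory or of ARC Informatique's tooling. It lists what is listening on the port and flags enabled inbound allow rules that cover it from addresses other than the IIS host. The `$Port` and `$IisHosts` parameters and the `Test-PortInSpec` helper are hypothetical names, and scoping by the IIS server's address is an assumption about how the rule is enforced with Windows Firewall.

```powershell
# Added example, not vendor code: audit inbound exposure of the PcVue web back end port.
param(
    [int]$Port = 8090,                    # advisory default; may have been changed in Application Explorer
    [string[]]$IisHosts = @('127.0.0.1')  # assumption: address(es) of the IIS Web Server host
)

# True if a firewall LocalPort specification ('Any', '8090', '8000-8100') covers $Port.
function Test-PortInSpec {
    param([string[]]$Spec, [int]$Port)
    foreach ($s in $Spec) {
        if ($s -eq 'Any') { return $true }
        if ($s -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($s -match '^\d+$' -and [int]$s -eq $Port) { return $true }
    }
    return $false
}

# 1. Confirm which process, if any, owns the listening socket.
$listeners = Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue
foreach ($l in $listeners) {
    $p = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    "Listening: {0}:{1} pid={2} ({3})" -f $l.LocalAddress, $l.LocalPort, $l.OwningProcess, $p.ProcessName
}
if (-not $listeners) { "Nothing is listening on TCP $Port (component absent or port changed)." }

# 2. Flag enabled inbound allow rules that cover the port for remote addresses other than the IIS host.
$findings = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
    $pf = $rule | Get-NetFirewallPortFilter
    if ($pf.Protocol -notin 'TCP', 'Any') { continue }
    if (-not (Test-PortInSpec -Spec @($pf.LocalPort) -Port $Port)) { continue }
    $remote = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
    if ($remote | Where-Object { $_ -notin $IisHosts }) {
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Program       = ($rule | Get-NetFirewallApplicationFilter).Program
            RemoteAddress = $remote -join ','
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize }
else { "No inbound allow rule exposes TCP $Port beyond $($IisHosts -join ', ')." }
```

Rules scoped to a specific program only apply to that executable, so review the `Program` column before treating a flagged rule as exposure of the PcVue port.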

Affected Vendors

ARC Informatique

Affected Products (1)

ARC Informatique · PcVue >= 8.10 | < 12.0.17

Affected Sectors

Multiple Sectors
