ICSA-22-235-01  ·  Published 2022-09-29

ARC Informatique PcVue (Update A)

CVSS 5.5 MEDIUM

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to access the OAuth web service database.

CVEs (1)

Remediations

  • PcVue 12: The fix is available in Maintenance release 12.0.27
  • PcVue 15: The fix is available in Maintenance release 15.2.3
  • After installing either fix, ARC Informatique recommends doing the following: users should update the Web Deployment Console (WDC) and re-deploy the Web Server. All users using the affected component should install a patched release of the WDC and re-deploy the Web Server. This will allow the WDC to update and protect the database connection string, including clearing any sensitive information stored in the web.config file.
  • PcVue 15: A fix is forthcoming.
  • Uninstall the Web Server: All users not using the affected component should uninstall the web server. The OAuth web service and its configuration are part of the Web Server for PcVue. If the system does not require Web & Mobile features, then users should not install them.
  • Users should contact ARC Informatique's PcVue Solutions for assistance with the above steps.
  • For additional information, visit the public ARC Informatique security alert page.
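
A check that can be run against a copy of the web.config after re-deploying the Web Server, to confirm that no cleartext database password remains in a connection string. This is an added example, not code from ARC Informatique or from the advisory; it assumes the standard ASP.NET connectionStrings section layout and configProtectionProvider attribute, which the advisory does not describe, and the sample XML is constructed.

```python
import sys
import xml.etree.ElementTree as ET

SECRET_KEYS = {"password", "pwd"}  # secret-bearing connection-string keywords

# Constructed samples, not taken from a PcVue installation.
SAMPLE_CLEARTEXT = """<configuration>
  <connectionStrings>
    <add name="ExampleDb"
         connectionString="Data Source=.;User ID=svc;Password=CONSTRUCTED" />
  </connectionStrings>
</configuration>"""
SAMPLE_PROTECTED = """<configuration>
  <connectionStrings configProtectionProvider="DataProtectionConfigurationProvider">
    <EncryptedData><CipherData><CipherValue>CONSTRUCTED</CipherValue></CipherData></EncryptedData>
  </connectionStrings>
</configuration>"""


def local(tag):
    """Element name without an XML namespace prefix such as {uri}name."""
    return tag.rsplit("}", 1)[-1]


def secret_keys_in(conn_str):
    """Keys in a connection string that hold a non-empty secret value.
    Simple split on ';' (quoted values containing ';' are not handled)."""
    found = []
    for part in conn_str.split(";"):
        key, sep, value = part.partition("=")
        if sep and key.strip().lower() in SECRET_KEYS and value.strip():
            found.append(key.strip())
    return found


def audit_web_config(xml_data):
    """Return (entry name, key) for each cleartext secret under <connectionStrings>."""
    findings = []
    for section in ET.fromstring(xml_data).iter():
        if local(section.tag) != "connectionStrings":
            continue
        if section.get("configProtectionProvider"):
            continue  # section is encrypted; nothing readable to report
        for entry in section:
            if local(entry.tag) == "add":
                for key in secret_keys_in(entry.get("connectionString", "")):
                    findings.append((entry.get("name", "?"), key))
    return findings


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_CLEARTEXT
    for name, key in audit_web_config(data):
        print(f"cleartext {key} in connection string '{name}'")
```

An empty result means no readable password was found under connectionStrings; it does not cover secrets stored elsewhere in the file.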

Affected Vendors

ARC Informatique

Affected Products (4)

ARC Informatique · PcVue 12 OAuth web service configuration < 12.0.27
ARC Informatique · PcVue 12 OAuth web service configuration vers:all/*
ARC Informatique · PcVue 15 OAuth web service configuration vers:all/*
ARC Informatique · PcVue 15 OAuth web service configuration < 15.2.3

Affected Sectors

Multiple Sectors
