ICSA-26-015-01  ·  Published 2026-01-15

AVEVA Process Optimization

CVSS 10.0 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could enable an attacker to execute remote code, perform SQL injection, escalate privileges, or access sensitive information.

Remediations

AVEVA recommends users take the following action:

  • Update to AVEVA Process Optimization v2025

AVEVA alternatively recommends the following actions users can take to mitigate risk:

  • Apply host and/or network firewall rules restricting the taoimr service to accept traffic only from trusted source(s). By default, AVEVA Process Optimization listens on port 8888/8889 (TLS). Please refer to the AVEVA Process Optimization Installation Guide for additional details on port configuration.
  • Apply ACLs to the installation and data folders, limiting write access to trusted users only.
  • Maintain a trusted chain of custody on Process Optimization project files during creation, modification, distribution, backups, and use.

For more information, please see AVEVA's security bulletin AVEVA-2026-001.
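
One way to apply and check the host firewall mitigation listed above, as an added example that is not from AVEVA or CISA. It assumes a Windows host using Windows Defender Firewall; the trusted addresses are constructed placeholders and the rule name and helper function are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumptions: Windows host with Windows Defender Firewall;
# the addresses in $Trusted are constructed placeholders.
$Ports   = 8888, 8889                     # taoimr defaults named in the advisory
$Trusted = '192.0.2.10', '192.0.2.11'     # placeholder trusted sources

function Test-CoversPort([string[]]$LocalPort, [int]$Port) {
    # LocalPort entries can be 'Any', a single port, or a range such as '8000-9000'.
    foreach ($entry in $LocalPort) {
        if ($entry -eq 'Any') { return $true }
        if ($entry -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($entry -match '^\d+$' -and [int]$entry -eq $Port) { return $true }
    }
    return $false
}

# 1. Inbound filtering must be enabled, otherwise a scoped allow rule restricts nothing.
Get-NetFirewallProfile | Format-Table Name, Enabled, DefaultInboundAction -AutoSize

# 2. List enabled inbound allow rules that already admit any remote address on
#    these ports. Allow rules are additive, so the scoped rule in step 3 limits
#    access only once these are narrowed or disabled.
$broad = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
    $pf = $rule | Get-NetFirewallPortFilter
    $af = $rule | Get-NetFirewallAddressFilter
    if ($pf.Protocol -notin 'TCP', 'Any') { continue }
    if ($af.RemoteAddress -notcontains 'Any') { continue }
    if ($Ports | Where-Object { Test-CoversPort $pf.LocalPort $_ }) {
        [pscustomobject]@{
            Rule      = $rule.DisplayName
            Program   = ($rule | Get-NetFirewallApplicationFilter).Program
            LocalPort = $pf.LocalPort -join ','
        }
    }
}
if ($broad) {
    Write-Warning 'These rules allow any source to reach 8888/8889; review their scope:'
    $broad | Format-Table -AutoSize
}

# 3. Allow the service ports from the trusted sources only.
New-NetFirewallRule -DisplayName 'taoimr trusted sources only (example)' `
    -Direction Inbound -Action Allow -Protocol TCP `
    -LocalPort $Ports -RemoteAddress $Trusted -Profile Any
```

Rules listed in step 2 with a Program of Any or of the Process Optimization service are the ones that matter; program-scoped rules for unrelated applications can be ignored.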

Affected Vendors

AVEVA

Affected Products (1)

AVEVA · Process Optimization <=2024.1

Affected Sectors

Critical Manufacturing
