ICSA-26-106-04  ·  Published 2026-04-16

AVEVA Pipeline Simulation

CVSS 9.1 CRITICAL

Risk Summary

Successful exploitation of this vulnerability could allow an unauthenticated attacker to modify simulation parameters, training configuration and training records.

CVEs (1)

Remediations

  • All affected versions can be fixed by upgrading to AVEVA Pipeline Simulation 2025 SP1 P01 (build 7.1.9580.8513) or higher. (https://softwaresupportsp.aveva.com/en-US/downloads/products/details/57b79fdb-7b5f-4125-8a44-833b6b5c6d6f)
  • For more information, please see AVEVA's security bulletin AVEVA-2026-004 (https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2026-004.pdf).
  • Restrict Network Access: Implement host-based and/or network firewall controls on all nodes hosting the Pipeline Simulation Server API to ensure that only trusted Pipeline Simulation client systems are permitted to establish connections.
  • Enforce Secure Communication: Enable TLS for all API communications and ensure that server certificates are properly managed and protected to reduce the risk of manipulator-in-the-middle (MitM) attacks and tampering with data in transit.

Affected Vendors

AVEVA

Affected Products (1)

AVEVA · Pipeline Simulation <=2025_SP1_build_7.1.9497.6351
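
To triage an asset inventory against the build numbers above, the following added example (not part of the advisory or of AVEVA's tooling) classifies reported Pipeline Simulation version strings. The inventory, host names and status labels are constructed for illustration; builds that fall between the last affected build and the first fixed build are reported as unconfirmed because the advisory does not state their status.

```python
import re

# Build numbers taken from the advisory text.
LAST_AFFECTED = (7, 1, 9497, 6351)  # "<=2025_SP1_build_7.1.9497.6351"
FIRST_FIXED = (7, 1, 9580, 8513)    # "2025 SP1 P01 (build 7.1.9580.8513)"

# Exactly four dotted numeric parts, not embedded in a longer dotted number.
_BUILD_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_build(text):
    """Return the four-part build as a tuple of ints, or None if absent."""
    match = _BUILD_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text):
    """Classify one reported version string against the advisory's builds."""
    build = parse_build(version_text)
    if build is None:
        return "unknown"        # no usable build number: check the host by hand
    if build <= LAST_AFFECTED:
        return "affected"       # inside the advisory's affected range
    if build >= FIRST_FIXED:
        return "fixed"          # at or above the remediated build
    return "unconfirmed"        # between the two builds: status not stated


def triage(inventory):
    """Map host -> status for an iterable of (host, version_text) pairs."""
    return {host: classify(version) for host, version in inventory}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = [
    ("sim-srv-01", "2025_SP1_build_7.1.9497.6351"),
    ("sim-srv-02", "2025 SP1 P01 (build 7.1.9580.8513)"),
    ("sim-srv-03", "7.1.9500.1"),
    ("sim-srv-04", "not reported"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as affected, unconfirmed or unknown are the ones to prioritise for the network restriction and TLS measures listed under Remediations until they are upgraded.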

Affected Sectors

Critical Manufacturing
