CVE-2020-26867 PcVue RCE
Virsec Security Research Lab Vulnerability Analysis
The Virsec Security Research Lab provides detailed analysis on recent and notable security vulnerabilities.
A Remote Code Execution vulnerability exists in PcVue from version 8.10 onward, due to the unsafe deserialization of messages received on the interface.
The CVSS Base Score is 9.8 (Critical).
ARC Informatique PcVue 8.10 (inclusive) through 12.0.17 (exclusive)
The earliest vulnerable version was released in 04/2007. The exposure window is therefore over thirteen years.
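Added example, not from Virsec or ARC Informatique: a Python triage of an asset inventory against the affected range stated above (8.10 inclusive, 12.0.17 exclusive). The host names and inventory versions are constructed, and the code assumes version strings are dotted numbers that compare component by component.

```python
# Added example: triage an inventory against the affected range given on this page.
import re

FIRST_AFFECTED = (8, 10)     # 8.10, inclusive (from the advisory)
FIRST_FIXED = (12, 0, 17)    # 12.0.17, exclusive (from the advisory)
_VERSION_RE = re.compile(r"\d+(\.\d+)*")

def parse_version(text):
    """Return the version as a tuple of ints, or None if it is not dotted-numeric."""
    text = text.strip()
    if not _VERSION_RE.fullmatch(text):
        return None
    return tuple(int(part) for part in text.split("."))

def _pad(version, width):
    return version + (0,) * (width - len(version))

def is_affected(text):
    """True/False for a parseable version, None when it needs manual review."""
    v = parse_version(text)
    if v is None:
        return None
    width = max(len(v), len(FIRST_AFFECTED), len(FIRST_FIXED))
    return _pad(FIRST_AFFECTED, width) <= _pad(v, width) < _pad(FIRST_FIXED, width)

def triage(inventory):
    """Split (host, version) rows into affected / not_affected / review host lists."""
    result = {"affected": [], "not_affected": [], "review": []}
    for host, version in inventory:
        verdict = is_affected(version)
        key = "review" if verdict is None else ("affected" if verdict else "not_affected")
        result[key].append(host)
    return result

# Constructed inventory: host names and versions are made up for the example.
SAMPLE_INVENTORY = [
    ("hmi-01", "8.10"),      # first affected release
    ("hmi-02", "7.5"),       # older than the first affected release
    ("hmi-03", "12.0.9"),    # below 12.0.17, although "12.0.9" > "12.0.17" as strings
    ("hmi-04", "12.0.17"),   # first release outside the range
    ("hmi-05", "11.2"),
    ("hmi-06", "unknown"),   # cannot be classified automatically
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts)}")
```

Comparing the versions as plain strings would misplace `12.0.9` after `12.0.17`, which is why the components are converted to integers first.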
Sergey Temnikov, Kaspersky ICS CERT
Andrey Muravitsky, Kaspersky ICS CERT
PcVue supports an extremely wide range of communication standards, including built-in drivers for Industry and machine builders (around 200 current and legacy protocols), Building Management Systems (LNS, BACnet, SNMP), Power generation, T&D and Power Systems at large (IECs, DNP3) and Water treatment & distribution (most telemetry protocols available). Our policy is always to provide connectivity to the widest range of legacy and modern devices.
PcVue became and remains the best-selling SCADA package in France with over 35% of the market share. Given that PcVue is a SCADA/HMI system which controls machinery, any arbitrary code execution or malware execution would be very dangerous for the plant. No exploits are available publicly for this vulnerability.
Virsec Security Platform (VSP) Support
The Virsec Security Platform (VSP)-Host monitors spawned processes and flags any that are not part of a set of whitelisted processes. Any attempt to execute a new command or unknown binary would be denied by VSP-Host's Process Monitoring capability.