{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-21T07:37:43.230","vulnerabilities":[{"cve":{"id":"CVE-2026-1692","sourceIdentifier":"87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932","published":"2026-02-26T08:16:18.160","lastModified":"2026-06-17T10:16:19.950","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A missing origin validation in WebSockets vulnerability affects the GraphicalData web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to lure a successfully authenticated user to a malicious website.\n\nThis vulnerability only affects the following two endpoints: GraphicalData/js/signalR/connect and GraphicalData/js/signalR/reconnect."},{"lang":"es","value":"Una vulnerabilidad de validación de origen faltante en WebSockets afecta a los servicios web GraphicalData utilizados por las características WebVue, WebScheduler, TouchVue y SnapVue de PcVue en la versión 12.0.0 hasta la 16.3.3 incluida. Podría permitir a un atacante remoto atraer a un usuario autenticado con éxito a un sitio web malicioso.\n\nEsta vulnerabilidad solo afecta a los dos siguientes endpoints: GraphicalData/js/signalR/connect y GraphicalData/js/signalR/reconnect."}],"affected":[{"source":"87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932","affectedData":[{"vendor":"arcinfo","product":"PcVue","defaultStatus":"unaffected","modules":["WebVue","WebScheduler","TouchVue","SnapVue","Web services"],"versions":[{"version":"16.0.0","lessThanOrEqual":"16.3.3","versionType":"cpe","status":"affected"},{"version":"15.0.0","lessThanOrEqual":"15.2.13","versionType":"cpe","status":"affected"},{"version":"12.0.0","versionType":"cpe","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:Clear","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"CLEAR"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932","ssvcData":{"options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CNA","version":"2.0.3"}},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-26T14:23:10.635765Z","id":"CVE-2026-1692","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932","type":"Secondary","description":[{"lang":"en","value":"CWE-1385"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:arcinformatique:pcvue:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0.0","versionEndIncluding":"15.2.13","matchCriteriaId":"991311B5-07A8-4CA5-9A07-17D0110128AF"},{"vulnerable":true,"criteria":"cpe:2.3:a:arcinformatique:pcvue:*:*:*:*:*:*:*:*","versionStartIncluding":"16.0.0","versionEndExcluding":"16.3.4","matchCriteriaId":"36C7C670-9A8E-49CD-A04C-8426A4C0C911"}]}]}],"references":[{"url":"https://www.pcvue.com/security/#SB2026-2","source":"87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932","tags":["Vendor Advisory"]}]}}]}