Industrial software giant AVEVA has issued a critical security advisory for its Pipeline Simulation platform, warning of a severe authorization flaw that could allow outsiders to hijack administrative functions. The vulnerability, tracked as CVE-2026-5387, carries a CVSSv4.0 score of 9.3, placing it in the highest tier of security risks for critical infrastructure operators.
The advisory, published by the AVEVA Product Security Response Center on April 14, 2026, details a “Missing Authorization” bug (CWE-862) affecting a specific subset of the software’s API methods.
The flaw strikes at the core of the platform’s access control. In a warning to users, AVEVA noted that “the vulnerability, if exploited, could allow an unauthenticated miscreant to perform operations intended only for Simulator Instructor or Simulator Developer (Administrator) roles”.
By bypassing these authorization checks, an attacker could achieve a significant breach of the simulation environment. The impact of such an intrusion is far-reaching, “resulting in privilege escalation with potential for modification of simulation parameters, training configuration, and training records”. For companies relying on these simulations for safety training or operational planning, the unauthorized alteration of data could lead to compromised training integrity or even dangerous real-world misconceptions.
The security gap is present in the following versions of the software:
- AVEVA Pipeline Simulation 2025 SP1 (build 7.1.9497.6351)
- All prior versions of the platform
AVEVA is urging organizations to evaluate the risk based on their specific architecture and to move quickly to secure their installations.
“All affected versions can be fixed by upgrading to AVEVA Pipeline Simulation 2025 SP1 P01 (build 7.1.9580.8513) or higher,” the company stated. The patch is available through the AVEVA Software Support Portal.