CVE-2026-5387

The vulnerability, if exploited, could allow an unauthenticated miscreant to perform operations intended only for Simulator Instructor or Simulator Developer (Administrator) roles, resulting in privilege escalation with potential for modification of simulation parameters, training configuration, and training records.

Published: 4/15/2026Modified: 4/17/2026

Related Intelligence (1)

CRITICALVulnerability

AVEVA Pipeline Simulation

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-04.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of this vulnerability could allow an unauthenticated attacker to modify simulation parameters, training configuration and training records.</strong></p> <p>The following versions of AVEVA Pipeline Simulation ar

CVE-2026-5387

Apr 16, 2026CISA Advisories

References (4)

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-04.json https://softwaresupportsp.aveva.com/en-US/downloads/products/details/57b79fdb-7b5f-4125-8a44-833b6b5c6d6f https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2026-004.pdf https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-04