PatchSiren cyber security CVE debrief
CVE-2026-1697 arcinfo CVE debrief
A vulnerability was found in PcVue versions 12.0.0 through 16.3.3, where the GraphicalData web services and WebClient web app are missing Secure and SameSite attributes. This issue has a CVSS score of 5.3 and is classified as MEDIUM severity. The vulnerability could potentially allow attackers to exploit the system. Administrators and users of affected versions should be aware of this vulnerability and take necessary actions to mitigate the risk. The CVE record and NVD entry provide additional context.
- Vendor
- arcinfo
- Product
- PcVue
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-26
- Original CVE updated
- 2026-07-09
- Advisory published
- 2026-02-26
- Advisory updated
- 2026-07-09
Who should care
Administrators and users of PcVue versions 12.0.0 through 16.3.3 should be aware of this vulnerability and take necessary actions to mitigate the risk. This includes reviewing system configurations, applying patches or updates, and monitoring systems for potential exploitation attempts. Security teams and vulnerability management teams should also review the CVE record and NVD entry for additional context.
Technical summary
The vulnerability is caused by the missing Secure and SameSite attributes in the GraphicalData web services and WebClient web app of PcVue. This could potentially allow attackers to exploit the vulnerability. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:Clear. Further review of system configurations and security measures is recommended.
Defensive priority
Medium priority should be given to patching or mitigating this vulnerability, as it has a MEDIUM severity score. This priority is based on the CVSS score and the potential impact of the vulnerability.
Recommended defensive actions
- Apply patches or updates provided by the vendor to fix the vulnerability
- Review and update configurations to ensure Secure and SameSite attributes are properly set
- Monitor systems for potential exploitation attempts
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
Evidence notes
The CVE record was published on 2026-02-26T08:16:19.620Z and was last modified on 2026-07-09T18:32:08.463Z. The NVD entry is currently Analyzed. The vulnerability affects PcVue versions 12.0.0 through 16.3.3. The Secure and SameSite attributes are missing in the GraphicalData web services and WebClient web app. This information is based on the CVE record and NVD entry. Further verification is recommended to ensure accurate scope and impact.
Official resources
-
CVE-2026-1697 CVE record
CVE.org
-
CVE-2026-1697 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932 - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-02-26T08:16:19.620Z and has not been modified since then. The NVD entry is currently Analyzed.