PatchSiren cyber security CVE debrief
CVE-2026-5387 Raw CVE debrief
CVE-2026-5387 is a critical privilege-escalation issue in AVEVA Pipeline Simulation. According to the CISA CSAF advisory, an unauthenticated attacker could perform actions intended only for Simulator Instructor or Simulator Developer (Administrator) roles, with potential impact to simulation parameters, training configuration, and training records. The advisory lists an available vendor fix and recommends network-layer protections and TLS for API communications.
- Vendor
- Raw
- Product
- AVEVA Pipeline Simulation <=2025_SP1_build_7.1.9497.6351
- CVSS
- CRITICAL 9.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-04-16
- Original CVE updated
- 2026-04-16
- Advisory published
- 2026-04-16
- Advisory updated
- 2026-04-16
Who should care
OT and ICS teams running AVEVA Pipeline Simulation, especially operators of exposed Pipeline Simulation Server API instances; security administrators responsible for segmentation, certificate management, and access control; and incident responders supporting training or simulation environments.
Technical summary
The provided advisory describes an unauthenticated attack path that enables privilege escalation to higher-privilege simulator roles. The documented impact is unauthorized operations against simulation parameters, training configuration, and training records. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N, matching a network-reachable, no-authentication, no-user-interaction issue with high confidentiality and integrity impact. Affected versions are listed as AVEVA Pipeline Simulation <=2025_SP1_build_7.1.9497.6351, with remediation available in 2025 SP1 P01 (build 7.1.9580.8513) or later.
Defensive priority
Urgent. This is a critical, unauthenticated, network-facing privilege escalation affecting industrial simulation and training data integrity.
Recommended defensive actions
- Upgrade AVEVA Pipeline Simulation to 2025 SP1 P01 (build 7.1.9580.8513) or later.
- Restrict network access to Pipeline Simulation Server API nodes so only trusted client systems can connect.
- Enable TLS for all API communications and protect server certificates.
- Review exposure of any Pipeline Simulation services that may be reachable beyond trusted management networks.
- Check simulator and training records for unauthorized changes consistent with privilege misuse.
Evidence notes
This debrief is based on the supplied CISA CSAF advisory for ICSA-26-106-04 / CVE-2026-5387, published and modified on 2026-04-16T06:00:00.000Z. The source advisory explicitly states the unauthenticated privilege-escalation impact and the fixed build. The provided corpus does not include exploit code or a KEV listing, and no active threat/campaign use is recorded in the supplied enrichment.
Official resources
-
CVE-2026-5387 CVE record
CVE.org
-
CVE-2026-5387 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CISA published the advisory on 2026-04-16T06:00:00.000Z, with the same timestamp used for the advisory revision in the supplied corpus. The revision history notes an initial republication of AVEVA-2026-004. No KEV date is present in the 제공된