Seven vulnerabilities had been disclosed in Course of Optimization (previously ROMeo) 2024.1 and earlier on January 13, 2026, together with a essential flaw enabling unauthenticated SYSTEM-level distant code execution.
Probably the most extreme vulnerability allows unauthenticated attackers to realize distant code execution underneath system privileges, posing an instantaneous danger to industrial course of management environments worldwide.
The first risk stems from a essential code injection vulnerability within the utility’s API layer. An unauthenticated attacker can exploit this flaw to execute arbitrary code with full system privileges on the “taoimr” service.
Probably compromising your complete Mannequin Utility Server and related infrastructure.
Vulnerability Abstract
This assault requires no consumer interplay, is low-complexity, and could be executed remotely over the community, making it exceptionally harmful for organizations working susceptible variations.
Further extreme vulnerabilities embrace code injection through macro performance that permits authenticated customers to escalate from customary OS consumer to system-level privileges.
CVE IDTypeCVSS v4.0SeverityImpactCVE-2025-61937Remote Code Execution (API)10.0CriticalUnauthenticated RCE underneath system privilegesCVE-2025-64691Code Injection (Macros)9.3CriticalPrivilege escalation through TCL scriptsCVE-2025-61943SQL Injection9.3CriticalSQL Server admin code executionCVE-2025-65118DLL Hijacking9.3CriticalSystem privilege escalationCVE-2025-64729Missing ACLs8.6HighProject file tampering & privilege escalationCVE-2025-65117Embedded OLE Objects8.5HighMalicious content material deliveryCVE-2025-64769Cleartext Transmission7.6HighData interception through Man-in-the-Center
SQL injection flaws within the Captive Historian part that grant attackers SQL Server administrative entry.
A DLL hijacking vulnerability allows authenticated customers to load arbitrary code and elevate their privileges to system-level.
These assault vectors collectively show subtle exploitation pathways that would fully compromise affected techniques.
AVEVA recommends speedy motion: organizations ought to improve to AVEVA Course of Optimization 2025 or greater to patch all recognized vulnerabilities.
As an interim defensive measure, directors ought to implement community firewall guidelines limiting the taoimr service (default ports 8888/8889) to trusted sources solely.
Apply strict entry management lists to set up and information folders, and preserve rigorous change administration for undertaking recordsdata.
The vulnerabilities had been found throughout a deliberate penetration check by Veracode safety researcher Christopher Wu and coordinated with CISA.
Organizations working AVEVA Course of Optimization environments ought to prioritize patching instantly to forestall exploitation of those essential flaws of their industrial management techniques infrastructure.
Comply with us on Google Information, LinkedIn, and X for each day cybersecurity updates. Contact us to function your tales.
