OAuth Grant Vulnerability in PcVue WebServices
CVE-2026-1693

5.3MEDIUM

Key Information:

Vendor

Arcinfo

Status
Vendor
CVE Published:
26 February 2026

Badges

👾 Exploit Exists

What is CVE-2026-1693?

The OAuth grant type Resource Owner Password Credentials (ROPC) flow remains implemented in the web services utilized by PcVue's WebVue, WebScheduler, TouchVue, and Snapvue features, even though it has been deprecated. This can present a potential risk, as remote attackers might exploit this flaw to illegally obtain user credentials, highlighting the importance of securing these interfaces against unauthorized access.

Affected Version(s)

PcVue 16.0.0 <= 16.3.3

PcVue 15.0.0 <= 15.2.13

PcVue 12.0.0

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.