IIS and ASP.NET Configuration Vulnerability in PcVue Products
CVE-2026-1694

2.3LOW

Key Information:

Vendor

Arcinfo

Status
Vendor
CVE Published:
26 February 2026

Badges

👾 Exploit Exists

What is CVE-2026-1694?

The default configuration of IIS and ASP.NET used in PcVue applications fails to adequately secure HTTP headers, leaving sensitive server information exposed. This vulnerability affects multiple features, including WebVue, WebScheduler, TouchVue, and SnapVue across versions 12.0.0 to 16.3.3. The lack of removal of sensitive data during deployment increases the risk of server configuration exposure, prompting a need for immediate review and remediation by administrators.

Affected Version(s)

PcVue 16.0.0 <= 16.3.3

PcVue 15.0.0 <= 15.2.13

PcVue 12.0.0

References

CVSS V4

Score:
2.3
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.