IIS and ASP.NET Configuration Vulnerability in PcVue Products
CVE-2026-1694
2.3LOW
What is CVE-2026-1694?
The default configuration of IIS and ASP.NET used in PcVue applications fails to adequately secure HTTP headers, leaving sensitive server information exposed. This vulnerability affects multiple features, including WebVue, WebScheduler, TouchVue, and SnapVue across versions 12.0.0 to 16.3.3. The lack of removal of sensitive data during deployment increases the risk of server configuration exposure, prompting a need for immediate review and remediation by administrators.
Affected Version(s)
PcVue 16.0.0 <= 16.3.3
PcVue 15.0.0 <= 15.2.13
PcVue 12.0.0
