Privilege Escalation Vulnerability in AVEVA's Simulation Software
CVE-2026-5387

9.3CRITICAL

Key Information:

Vendor: Aveva
Status: Pipeline Simulation 2025
Vendor: CVE Published:; 15 April 2026

What is CVE-2026-5387?

A vulnerability in AVEVA's simulation software enables an unauthenticated user to execute operations reserved for Simulator Instructors or Developers. This could lead to unauthorized privilege escalation, allowing the intruder to alter simulation parameters, modify training configurations, and access sensitive training records, compromising the integrity of training environments.

Affected Version(s)

Pipeline Simulation 2025 0 <= 2025 SP1 (build 7.1.9497.6351)

References

https://www.aveva.com/content/dam/aveva/documents/support...

https://softwaresupportsp.aveva.com/en-US/downloads/produ...

https://www.cisa.gov/news-events/ics-advisories/icsa-26-1...

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2026
Vulnerability Reserved
Apr 1, 2026

CVE-2026-5387 Data

JSON

Aveva

What is CVE-2026-5387?

Affected Version(s)

References

CVSS V4

Timeline