ARC Informatique PcVue
Monitor | 5.5 | ICS-CERT ICSA-22-354-03 | Dec 20, 2022
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
PcVue versions 8.10 through 15.2.3 store sensitive data including email account credentials, SIM card information, and other secrets in an unencrypted or inadequately protected manner on the local file system. A user with a low-privilege account on the PcVue workstation can read these files and extract the credentials without additional authentication, allowing access to email accounts and potential lateral movement within the control system network.
What this means
What could happen
An attacker with local access to a PcVue workstation could read sensitive data including email credentials, SIM card information, and other stored credentials without requiring authentication. This could allow the attacker to pivot to other systems or intercept communications from your HMI/SCADA network.
Who's at risk
Organizations running ARC Informatique PcVue versions 8.10 through 15.2.3 (including PcVue 12.x up to 12.0.28 and 15.x up to 15.2.2) are affected. This impacts engineering workstations, HMI servers, and SCADA systems that rely on PcVue for water treatment, wastewater, power distribution, and other critical infrastructure operations.
How it could be exploited
An attacker with physical or local network access to a PcVue engineering workstation or server could directly read unencrypted credential files and other sensitive data stored on the system. No network protocols or remote exploitation are needed; the attacker accesses the data through the file system.
Prerequisites
- Local access to the PcVue workstation or system (physical or via local network share)
- Low privilege user account on the PcVue system (PR:L in CVSS vector)
- No special tools or exploits required—direct file system access
- No patch available—vendor has not released a fix
- Affects stored credentials (email, SIM card, system accounts)
- Could enable lateral movement to other systems
- Affects multiple versions across several product lines (8.10–15.x, 12.x)
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (3)
3 pending
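- Product: PcVue; Affected Versions: ≥ 15 | ≤ 15.2.2; Fix Status: No fix yet
- Product: PcVue; Affected Versions: ≥ 8.10 | ≤ 15.2.3; Fix Status: No fix yet
- Product: PcVue 12 products until; Affected Versions: ≥ 12 | ≤ 12.0.28; Fix Status: No fix yet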
Remediation & Mitigation
Do now
PcVue
- HARDENING: Restrict physical and local network access to PcVue workstations and servers—limit who can log in locally and access file systems
- HARDENING: Review and audit file system permissions on PcVue systems to prevent low-privilege users from reading credential files
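One way to carry out the permission review above on a Windows PcVue host, as an added example that is not part of the advisory or vendor guidance: it lists Allow entries that give broad groups read access under a directory. The `C:\PLACEHOLDER\PcVue` path and the `Get-BroadReadAce` function name are assumptions; the advisory does not name the affected files.

```powershell
# Added example: report which broad (low-privilege) groups can read files
# under a PcVue directory. The default path is a placeholder, not a value
# from the advisory; point it at your own installation and project folders.
param(
    [string]$Root = 'C:\PLACEHOLDER\PcVue'   # assumption: replace with the real path
)

# Well-known SIDs of groups that contain ordinary, low-privilege accounts.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# ReadData is the specific right that permits reading a file's contents.
$ReadMask = [System.Security.AccessControl.FileSystemRights]::ReadData

function Get-BroadReadAce {
    param([string]$Path)
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        try { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop } catch { continue }
        # Resolve identities to SIDs so localized group names still match.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $rules) {
            $sid = $ace.IdentityReference.Value
            if ($ace.AccessControlType -eq 'Allow' -and
                $BroadSids.ContainsKey($sid) -and
                ($ace.FileSystemRights -band $ReadMask)) {
                [pscustomobject]@{
                    Path      = $item.FullName
                    Principal = $BroadSids[$sid]
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited   # inherited entries are fixed on the parent
                }
            }
        }
    }
}

# Only Allow entries are listed; Deny entries can narrow the effective access.
Get-BroadReadAce -Path $Root | Sort-Object Path, Principal | Format-Table -AutoSize -Wrap
```

Entries reported as inherited need to be corrected on the parent folder, and any service account PcVue runs under must keep its access when broad groups are removed.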
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
PcVue
- HARDENING: Ensure all credential files and sensitive data on PcVue systems are encrypted at rest
- HARDENING: If remote access to PcVue is required, use a VPN and ensure the VPN client and server are kept fully patched
Long-term hardening
PcVue
- HARDENING: Isolate PcVue workstations and servers from the business network and Internet using firewalls and air-gapping where possible
CVEs (2)