AVEVA Process Optimization
Act Now10ICS-CERT ICSA-26-015-01Jan 15, 2026
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
AVEVA Process Optimization contains multiple critical vulnerabilities including remote code execution (CWE-94), SQL injection (CWE-89), privilege escalation (CWE-862), and information disclosure. These can be exploited by an attacker with network access to the taoimr service (default ports 8888/8889) without authentication. Successful exploitation enables arbitrary code execution, data manipulation, privilege escalation, and unauthorized access to sensitive operational and configuration information.
What this means
What could happen
An attacker with network access to AVEVA Process Optimization could execute arbitrary code, modify data via SQL injection, escalate privileges, or steal sensitive information. This could enable direct manipulation of process parameters, disruption of optimization functions, or unauthorized access to plant configuration and operational data.
Who's at risk
Operators and engineers using AVEVA Process Optimization for real-time process monitoring and optimization. This affects facilities running optimization software on their operations network, including refineries, chemical plants, and similar process industries where optimization is critical to production control.
How it could be exploited
An attacker on the network can send specially crafted requests to the taoimr service (listening on port 8888/8889 by default) without authentication to trigger code execution or SQL injection vulnerabilities. Successful exploitation grants remote code execution on the Process Optimization server, allowing manipulation of industrial processes or exfiltration of sensitive configuration data.
Prerequisites
- Network access to Process Optimization taoimr service on port 8888 or 8889
- No valid credentials required
- Default service configuration (listening on standard ports)
Remotely exploitableNo authentication requiredLow complexity attackCVSS 10.0 (critical)Multiple vulnerability classes (code execution, SQL injection, privilege escalation)Affects process optimization—a core operational control function
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
Process Optimization: <=2024.1≤ 2024.1v2025
Remediation & Mitigation
0/4
Do now
0/2WORKAROUNDConfigure host and/or network firewall rules to restrict taoimr service (port 8888/8889) to traffic from trusted sources only
HARDENINGApply ACLs to Process Optimization installation and data folders to restrict write-access to authorized users only
Schedule — requires maintenance window
0/2Patching may require device reboot — plan for process interruption
HOTFIXUpdate AVEVA Process Optimization to v2025 or later
HARDENINGMaintain chain-of-custody controls on Process Optimization project files during creation, modification, distribution, backups, and deployment
CVEs (7)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/c94f88d3-85bc-4b0f-ac52-0516be37e0aa