QwikSec

Security Database

CVE

CWE

Training

CVE-2026-5387

Published: Apr 15, 2026

Modified: Apr 15, 2026

PUBLISHED

Description

The vulnerability, if exploited, could allow an unauthenticated miscreant to perform operations intended only for Simulator Instructor or Simulator Developer (Administrator) roles, resulting in privilege escalation with potential for modification of simulation parameters, training configuration, and training records.

Vendor	Product	Versions
AVEVA	Pipeline Simulation 2025	affected `0 - <= 2025 SP1 (build 7.1.9497.6351)`

Weaknesses (CWE)

References

https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2026-004.pdf

https://softwaresupportsp.aveva.com/en-US/downloads/products/details/57b79fdb-7b5f-4125-8a44-833b6b5c6d6f

https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-04

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-04.json

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.