External risk intelligence

Attacker can gain admin control over simulation software

CVE advisorySeverity: CRITICAL (CVSS 9.3)

CVE-2026-5387

An external attacker could gain unauthorized administrative access to AVEVA simulation software by bypassing security checks. This allows them to alter sensitive training records and system settings, potentially compromising training data integrity and simulation operations.

2Halo Surface Signal

Privilege Escalation

External exposure likelihood

Halo Surface Signal score for CVE-2026-5387

AVEVA simulation software is typically deployed within protected industrial or corporate networks for internal training purposes. While it is network-reachable within these specific environments, it is not designed to be exposed to the public internet, and standard deployment patterns involve isolating these systems behind internal access controls.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Horizon Alert

Summary of the vulnerability and why it matters

This issue allows unauthorized users to gain administrative control over simulation software. This means they could change training parameters, modify configurations, or alter training records without proper authorization.

  • Unauthenticated access is possible.
  • Potential for critical data manipulation.
  • Affects simulation and training systems.

Attack Path

How an attacker could exploit the issue

An unauthenticated attacker can exploit this flaw by sending specially crafted requests to the affected software. This would allow them to bypass authorization controls and gain administrative privileges. With these elevated privileges, they could then modify critical simulation settings, training configurations, and training records without detection.

  • Network access required.
  • Target the simulation software's API.
  • No user interaction needed.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability presents a significant risk as an unauthenticated attacker could gain administrator-level privileges to modify simulation parameters, training configurations, and records. The critical nature stems from the potential to alter the integrity of training data and operational simulations, impacting how personnel are prepared for real-world scenarios.

  • No public exploit observed.
  • No KEV listing.
  • Vendor security bulletin published.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Teams should prioritize securing administrative functions within AVEVA simulation software to prevent unauthorized privilege escalation. Focus on identifying all instances of the affected software and assessing the potential impact of unauthorized configuration changes.

  • Block all unauthenticated access.
  • Isolate affected systems immediately.
  • Monitor for unauthorized administrative actions.

Frequently asked questions

What is AVEVA simulation software and what is it used for?

AVEVA simulation software is used for creating and managing training environments. It allows for the modification of simulation parameters, training configurations, and training records, which is crucial for preparing personnel for real-world scenarios.

What weakness class does CVE-2026-5387 relate to?

CVE-2026-5387 relates to a weakness classified as CWE-862, which indicates a missing authentication for critical function. This means the software does not properly verify user identity before allowing access to sensitive operations.

What are the preconditions for exploiting CVE-2026-5387?

An unauthenticated attacker can exploit this vulnerability by sending specially crafted requests to the affected software. Network access to the simulation software's API is required, and no user interaction is needed for the exploit to be triggered.

Who should be concerned about CVE-2026-5387, considering its access profile?

Organizations using AVEVA simulation software should be concerned. This software is typically deployed within protected industrial or corporate networks for internal training, meaning it's network-reachable internally but not usually exposed to the public internet. [cite:Halo Surface Signal]

What are the first steps for teams running this technology?

Teams should focus on securing administrative functions within the AVEVA simulation software. This includes identifying all instances of the affected software, blocking unauthenticated access, and isolating affected systems immediately to prevent unauthorized configuration changes.

References

Sources and related resources

Primary sources: NVD, CVE.org.

NVDPublished Modified