CVE-2022-2569

ARC Informatique PcVue

Description

The affected device stores sensitive information in cleartext, which may allow an authenticated user to access session data stored in the OAuth database belonging to legitimate users

Remediation

Solution:

  • PcVue 12: The fix is available in Maintenance release 12.0.27 After installing the fix, users should update the Web Deployment Console (WDC) and re-deploy the Web Server. All users using the affected component should install a patched release of the WDC and re-deploy the Web Server. This will allow the WDC to update and protect the database connection string, including clearing any sensitive information stored in the web.config file.

Workaround:

  • ARC Informatique has identified additional steps users can apply to reduce the risk: Uninstall the Web Server All users not using the affected component should uninstall the web server. The OAuth web service and its configuration are part of the Web Server for PcVue. If the system does not require Web & Mobile features, then users should not install them. Users should contact ARC Informatique’s PcVue Solutions for assistance with the above steps. For additional information, visit the public ARC Informatique security alert page.
  • PcVue 15 does not have a fix released yet, but is in the works.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.02%
Third-Party Advisory cisa.gov
Affected: ARC Informatique PcVue 12 OAuth web service configuration
Affected: ARC Informatique PcVue 15 OAuth web service configuration
Published at:
Updated at:

References

Link Tags
https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-01-0 patch third party advisory us government resource

Frequently Asked Questions

What is the severity of CVE-2022-2569?
CVE-2022-2569 has been scored as a medium severity vulnerability.
How to fix CVE-2022-2569?
To fix CVE-2022-2569: PcVue 12: The fix is available in Maintenance release 12.0.27 After installing the fix, users should update the Web Deployment Console (WDC) and re-deploy the Web Server. All users using the affected component should install a patched release of the WDC and re-deploy the Web Server. This will allow the WDC to update and protect the database connection string, including clearing any sensitive information stored in the web.config file.
Is CVE-2022-2569 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-2569 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-2569?
CVE-2022-2569 affects ARC Informatique PcVue 12 OAuth web service configuration, ARC Informatique PcVue 15 OAuth web service configuration.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.