arcinformatique CVE Vulnerabilities & Metrics

Focus on arcinformatique vulnerabilities and metrics.

Last updated: 29 Mar 2026, 22:25 UTC

About arcinformatique Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with arcinformatique. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total arcinformatique CVEs: 10
Earliest CVE date: 24 Aug 2022, 16:15 UTC
Latest CVE date: 26 Feb 2026, 08:16 UTC

Latest CVE reference: CVE-2026-1698

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 7

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical arcinformatique CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.0

Max CVSS: 0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	10
4.0-6.9	0
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS arcinformatique CVEs

These are the five CVEs with the highest CVSS scores for arcinformatique, sorted by severity first and recency.

CVE-2026-1698 arcinformatique Published on 26 Feb 2026, 08:16 UTC (CVSS: 0)
A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints /Authentication/ExternalLogin, /Authentication/AuthorizationCodeCallback and /Authentication/Logout of the WebClient a...
CVE-2026-1697 arcinformatique Published on 26 Feb 2026, 08:16 UTC (CVSS: 0)
The Secure and SameSite attribute are missing in the GraphicalData web services and WebClient web app of PcVue in version 12.0.0 through 16.3.3 included.
CVE-2026-1696 arcinformatique Published on 26 Feb 2026, 08:16 UTC (CVSS: 0)
Some HTTP security headers are not properly set by the web server when sending responses to the client application.
CVE-2026-1695 arcinformatique Published on 26 Feb 2026, 08:16 UTC (CVSS: 0)
An XSS vulnerability affects the OAuth web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to trick a legitimate user into loading content from another site upon unsuccessful user authentication on an unknown application (unknown client_id). This vulnerability only affects the error pa...
CVE-2026-1694 arcinformatique Published on 26 Feb 2026, 08:16 UTC (CVSS: 0)
HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It unnecessarily exposes sensitive information about the server configuration.

All CVEs for arcinformatique

CVE-2026-1698 arcinformatique vulnerability CVSS: 0 26 Feb 2026, 08:16 UTC

A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints /Authentication/ExternalLogin, /Authentication/AuthorizationCodeCallback and /Authentication/Logout of the WebClient and WebScheduler web apps.

CVE-2026-1697 arcinformatique vulnerability CVSS: 0 26 Feb 2026, 08:16 UTC

The Secure and SameSite attribute are missing in the GraphicalData web services and WebClient web app of PcVue in version 12.0.0 through 16.3.3 included.

CVE-2026-1696 arcinformatique vulnerability CVSS: 0 26 Feb 2026, 08:16 UTC

Some HTTP security headers are not properly set by the web server when sending responses to the client application.

CVE-2026-1695 arcinformatique vulnerability CVSS: 0 26 Feb 2026, 08:16 UTC

An XSS vulnerability affects the OAuth web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to trick a legitimate user into loading content from another site upon unsuccessful user authentication on an unknown application (unknown client_id). This vulnerability only affects the error page of the OAuth server.

CVE-2026-1694 arcinformatique vulnerability CVSS: 0 26 Feb 2026, 08:16 UTC

HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It unnecessarily exposes sensitive information about the server configuration.

CVE-2026-1693 arcinformatique vulnerability CVSS: 0 26 Feb 2026, 08:16 UTC

The OAuth grant type Resource Owner Password Credentials (ROPC) flow is still used by the werbservices used by the WebVue, WebScheduler, TouchVue and Snapvue features of PcVue in version 12.0.0 through 16.3.3 included despite being deprecated. It might allow a remote attacker to steal user credentials.

CVE-2026-1692 arcinformatique vulnerability CVSS: 0 26 Feb 2026, 08:16 UTC

A missing origin validation in WebSockets vulnerability affects the GraphicalData web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to lure a successfully authenticated user to a malicious website. This vulnerability only affects the following two endpoints: GraphicalData/js/signalR/connect and GraphicalData/js/signalR/reconnect.

CVE-2022-4312 arcinformatique vulnerability CVSS: 0 12 Dec 2022, 18:15 UTC

A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could allow an unauthorized user with access the email and short messaging service (SMS) accounts configuration files to discover the associated simple mail transfer protocol (SMTP) account credentials and the SIM card PIN code. Successful exploitation of this vulnerability could allow an unauthorized user access to the underlying email account and SIM card.

CVE-2022-4311 arcinformatique vulnerability CVSS: 0 12 Dec 2022, 18:15 UTC

An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2. This could allow a user with access to the log files to discover connection strings of data sources configured for the DbConnect, which could include credentials. Successful exploitation of this vulnerability could allow other users unauthorized access to the underlying data sources.

CVE-2022-2569 arcinformatique vulnerability CVSS: 0 24 Aug 2022, 16:15 UTC

The affected device stores sensitive information in cleartext, which may allow an authenticated user to access session data stored in the OAuth database belonging to legitimate users