CVE-2026-1697

Summary

The Secure and SameSite attribute are missing in the GraphicalData web services and WebClient web app of PcVue in version 12.0.0 through 16.3.3 included.

Affected Software

VendorProductVersion RangeStatus
arcinfoPcVue16.0.0 <= 16.3.3affected
arcinfoPcVue15.0.0 <= 15.2.13affected
arcinfoPcVue12.0.0affected

Weaknesses

  • CWE-614: CWE-614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
  • CWE-1275: CWE-1275 Sensitive Cookie with Improper SameSite Attribute

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References