CVE Catalog

CVE-2026-1694

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

6th percentile - higher than 6% of all known CVEs

Summary

A vulnerability in PcVue (versions 12.0.0 through 16.3.3) causes HTTP headers to be added by the default IIS and ASP.NET configuration, which are not removed during the deployment of web services for WebVue, WebScheduler, TouchVue, and SnapVue features. This unnecessarily exposes sensitive server configuration information.

Risk Assessment

The organization risks leaking server configuration details, which could facilitate targeted attacks on the IT infrastructure.

Recommendation

It is recommended to immediately update PcVue to version 16.3.4 or later and manually remove unnecessary HTTP headers in the IIS and ASP.NET configuration.

Original NVD description (English source)

HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It unnecessarily exposes sensitive information about the server configuration.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS