CVE-2026-1693

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions PcVue versions 12.0.0 through 16.3.3

Description The OAuth grant type Resource Owner Password Credentials (ROPC) flow is still utilized by the web services supporting the WebVue, WebScheduler, TouchVue, and Snapvue features. This practice, despite the flow being deprecated, could enable a remote attacker to obtain user credentials.

Recommendations Versions 12.0.0 through 16.3.3 should discontinue the use of the Resource Owner Password Credentials (ROPC) OAuth grant type flow for the WebVue, WebScheduler, TouchVue, and Snapvue features.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-477CWE-1390

Related Identifiers

CVE-2026-1693

Affected Products

Pcvue

Snapvue

Touchvue

Web Schedule

Webvue

CVE-2026-1693

Weakness Enumeration

Related Identifiers

Affected Products

References · 8