CVE-2026-1694
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk6th percentile - higher than 6% of all known CVEs
Summary
A vulnerability in PcVue (versions 12.0.0 through 16.3.3) causes HTTP headers to be added by the default IIS and ASP.NET configuration, which are not removed during the deployment of web services for WebVue, WebScheduler, TouchVue, and SnapVue features. This unnecessarily exposes sensitive server configuration information.
Risk Assessment
The organization risks leaking server configuration details, which could facilitate targeted attacks on the IT infrastructure.
Recommendation
It is recommended to immediately update PcVue to version 16.3.4 or later and manually remove unnecessary HTTP headers in the IIS and ASP.NET configuration.
Original NVD description (English source)
HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It unnecessarily exposes sensitive information about the server configuration.

