Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

AVEVA™ Manufacturing Execution System 2023 R2

TABLE OF CONTENTS

Security information and guidance

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedOct 29, 2025
  • 1 minute read

AVEVA is committed to releasing secure products. This section is intended to provide relevant security-related information to guide your installation or upgrade decision.

AVEVA proactively discloses aggregate information about the number and severity of security vulnerabilities addressed in each release. The table below provides an overview of security issues mitigated and their relative severity based on standard scoring.

Security vulnerabilities mitigated

The following vulnerabilities were identified for mitigation in this release.

Component

Version

CVE or Reference

CVSS

Mitigation

IdentityServer3.AccessTokenValidation

2.14.0

CVE-2017-12677

6.1

MES uses IdentityServer in its Web API, however MES Web API does not serve pages, therefore the product is not directly exposed to this vulnerability.

Microsoft Web Deploy

3.5

CVE-2025-53772

8.8

Prior to installing MES, complete the following:

  1. Download Web Deploy v4.0 (Version 10.0.2001, published August 13, 2025) from the official Microsoft download site. The installer filename is webdeploy_amd64_en-US.msi.

  2. If you have an earlier version of Web Deploy installed, uninstall it.

  3. After removing the previous version, install Web Deploy v4.0.

  4. Once Web Deploy v4.0 has been installed, proceed with the MES installation.

TitleResults for “How to create a CRG?”Also Available in