Back

Topic

[KB1254]Compatibility break

Tags: Compatibility, Security

Upgrade issues
4 days ago
By BO
Options
Print
Applies to:
PcVue 16.3.1, PcVue 15.2.12, PcVue 12.0.31
Summary:
Security features have been implemented in versions 16.3.1, 15.2.12 and 12.0.31 to protect PcVue networking messages. This feature causes a compatibility issue with older versions.
Details:

The discovery of vulnerabilites in the PcVue client/server networking feature resulted in major fixes (see the security bulletin SB2025-4).
These fixes include the addition of security features to ensure the confidentiality and integrity of the messages exchanged between PcVue stations.

As this security feature is activated by default for new projects but also for migrated project (e.g. from version 16.2 to 16.3.1), users may experience communication issues between PcVue stations.

An updated station won’t be able to communicate with a not updated station. This situation will remain until all the stations have been migrated.

During this transient stage, the following warnings are logged and displayed in the event viewer :

2025/09/01,10:37:27.760,3,D,,3388,,11,Networking message version of station SERVER1 = 163000
2025/09/01,10:37:27.760,3,W,,3712,,11, Networking, the version ‘163000’ of the remote station ‘SERVER1’ is not compatible due to security constraints
2025/09/01,10:37:27.760,3,W,,3072,,11,Client->server connection CLIENT10C -> SERVER10S is aborted

2025/09/01,10:37:46.228,3,I,,3070,,11,Server->client connection CLIENT10S -> SERVER10C is OK
2025/09/01,10:37:46.230,3,W,,3716,,11,Networking, connection CLIENT10S -> SERVER10C is not secure, the remote node ‘DATASERVER10’ must not alter the security or the local node must allow it
2025/09/01,10:37:46.230,3,W,,3142,,11,Server->client connection CLIENT10S -> SERVER10C is rejected

The Allow stations with altered security option has been implemented to disable the security feature if the migration is to be carried out in several stages and take some time. 
This option can be found in the Networking settings :

Settings
Settings

or in the advanced part of a station node:

node
node

A whitelist filter has also been implemented to control which IP addresses are authorised to connect to the station.
This withelist is defined by the Networking configuration. This control can be disabled by selecting the Allow any node adresses option.

When selecting the allow stations with altered security option, keep in mind that the stations will be exposed to the discovered vulnerabilities.

Created on: 22 Sep 2025