CVE-2021-38410
Last modified
CVE-2021-38410 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker to control one or more locations in the search path. EPSS estimates a 0.21% chance of exploitation in the next 30 days.
Description
AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker to control one or more locations in the search path.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Aveva | Batch Management | 2020 |
| Aveva | Enterprise Data Management | 2020 |
| Aveva | Manufacturing Execution System | 2020 |
| Aveva | Mobile Operator | 2020 |
| Aveva | Platform Common Services | 4.4.6 |
| Aveva | Platform Common Services | 4.5.0 |
| Aveva | Platform Common Services | 4.5.1 |
| Aveva | Platform Common Services | 4.5.2 |
| Aveva | System Platform | 2020 |
| Aveva | Work Tasks | 2020 |
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-252-01 (Third Party Advisory, US Government Resource)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
