CVE-2021-38410

AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path.

Published: Jul 27, 2022
Updated: Apr 14, 2023
CVE: CVE-2021-38410
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-427

Affected Software
References

Software	From	Fixed in
aveva / system_platform	2020-r2_p01	2020-r2_p01.x
aveva / system_platform	2020-r2	2020-r2.x
aveva / system_platform	2020	2020.x
aveva / platform_common_services	4.5.2	4.5.2.x
aveva / platform_common_services	4.5.1	4.5.1.x
aveva / platform_common_services	4.5.0	4.5.0.x
aveva / platform_common_services	4.4.6	4.4.6.x
aveva / batch_management	2020	2020.x
aveva / enterprise_data_management	2020	2020.x
aveva / manufacturing_execution_system	2020	2020.x
aveva / mobile_operator	2020	2020.x
aveva / work_tasks	2020	2020.x
aveva / work_tasks	2020-update_1	2020-update_1.x

Vulnerability Database

289,599

CVE-2021-38410