Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-38410

AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path.

Published

2022-07-27T21:15:08.523

Last Modified

2025-04-17T16:15:23.570

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.3 (HIGH)

Weaknesses

Type: Primary
CWE-427
Type: Secondary
CWE-427

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	aveva	batch_management	2020	Yes
Application	aveva	enterprise_data_management	2020	Yes
Application	aveva	manufacturing_execution_system	2020	Yes
Application	aveva	mobile_operator	2020	Yes
Application	aveva	platform_common_services	4.4.6	Yes
Application	aveva	platform_common_services	4.5.0	Yes
Application	aveva	platform_common_services	4.5.1	Yes
Application	aveva	platform_common_services	4.5.2	Yes
Application	aveva	system_platform	2020	Yes
Application	aveva	system_platform	2020	Yes
Application	aveva	system_platform	2020	Yes
Application	aveva	work_tasks	2020	Yes
Application	aveva	work_tasks	2020	Yes

References

https://www.aveva.com/en/support-and-success/cyber-security-updates/ Vendor Advisory ([email protected])
https://www.cisa.gov/uscert/ics/advisories/icsa-21-252-01 Third Party Advisory, US Government Resource ([email protected])
https://www.aveva.com/en/support-and-success/cyber-security-updates/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/uscert/ics/advisories/icsa-21-252-01 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)