CVE-2021-38410

EUVD-2021-24862
AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
icscertCNA
7.3 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
Affected Products (NVD)
VendorProductVersion
avevaplatform_common_services
4.4.6
avevaplatform_common_services
4.5.0
avevaplatform_common_services
4.5.1
avevaplatform_common_services
4.5.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.aveva.com/en/support-and-success/cyber-security-updates/
https://www.cisa.gov/uscert/ics/advisories/icsa-21-252-01
https://www.aveva.com/en/support-and-success/cyber-security-updates/
https://www.cisa.gov/uscert/ics/advisories/icsa-21-252-01