CVE-2021-38410

CVSS V2 None CVSS V3 High 7.8
Description
AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path.
Overview
  • CVE ID
  • CVE-2021-38410
  • Assigner
  • ics-cert@hq.dhs.gov
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-07-27T21:15:08
  • Last Modified Date
  • 2022-08-04T02:48:06
Weakness Enumerations
CWE URL
CWE-427 http://cwe.mitre.org/data/definitions/427.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:aveva:batch_management:2020:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:aveva:enterprise_data_management:2020:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:aveva:manufacturing_execution_system:2020:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:aveva:mobile_operator:2020:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:aveva:platform_common_services:4.4.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:aveva:platform_common_services:4.5.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:aveva:platform_common_services:4.5.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:aveva:platform_common_services:4.5.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:aveva:system_platform:2020:-:*:*:*:*:*:* 1 OR
cpe:2.3:a:aveva:system_platform:2020:r2:*:*:*:*:*:* 1 OR
cpe:2.3:a:aveva:system_platform:2020:r2_p01:*:*:*:*:*:* 1 OR
cpe:2.3:a:aveva:work_tasks:2020:-:*:*:*:*:*:* 1 OR
cpe:2.3:a:aveva:work_tasks:2020:update_1:*:*:*:*:*:* 1 OR
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Attack Vector
  • LOCAL
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • REQUIRED
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 7.8
  • Base Severity
  • HIGH
  • Exploitability Score
  • 1.8
  • Impact Score
  • 5.9
References
Reference URL Reference Tags
https://www.aveva.com/en/support-and-success/cyber-security-updates/
https://www.cisa.gov/uscert/ics/advisories/icsa-21-252-01
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2021-38410
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38410
History
Created Old Value New Value Data Type Notes
2022-07-27 22:00:45 Added to TrackCVE