AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path.
References
Link | Resource |
---|---|
https://www.aveva.com/en/support-and-success/cyber-security-updates/ | Vendor Advisory |
https://www.cisa.gov/uscert/ics/advisories/icsa-21-252-01 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
|
History
04 Aug 2022, 02:48
Type | Values Removed | Values Added |
---|---|---|
First Time |
Aveva mobile Operator
Aveva batch Management Aveva enterprise Data Management Aveva work Tasks Aveva system Platform Aveva platform Common Services Aveva manufacturing Execution System Aveva |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
References | (CONFIRM) https://www.cisa.gov/uscert/ics/advisories/icsa-21-252-01 - Third Party Advisory, US Government Resource | |
References | (CONFIRM) https://www.aveva.com/en/support-and-success/cyber-security-updates/ - Vendor Advisory | |
CWE | CWE-427 | |
CPE | cpe:2.3:a:aveva:platform_common_services:4.4.6:*:*:*:*:*:*:* cpe:2.3:a:aveva:enterprise_data_management:2020:*:*:*:*:*:*:* cpe:2.3:a:aveva:system_platform:2020:r2:*:*:*:*:*:* cpe:2.3:a:aveva:platform_common_services:4.5.0:*:*:*:*:*:*:* cpe:2.3:a:aveva:manufacturing_execution_system:2020:*:*:*:*:*:*:* cpe:2.3:a:aveva:platform_common_services:4.5.1:*:*:*:*:*:*:* cpe:2.3:a:aveva:mobile_operator:2020:*:*:*:*:*:*:* cpe:2.3:a:aveva:system_platform:2020:r2_p01:*:*:*:*:*:* cpe:2.3:a:aveva:work_tasks:2020:update_1:*:*:*:*:*:* cpe:2.3:a:aveva:platform_common_services:4.5.2:*:*:*:*:*:*:* cpe:2.3:a:aveva:work_tasks:2020:-:*:*:*:*:*:* cpe:2.3:a:aveva:batch_management:2020:*:*:*:*:*:*:* cpe:2.3:a:aveva:system_platform:2020:-:*:*:*:*:*:* |
27 Jul 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-27 21:15
Updated : 2023-12-10 14:35
NVD link : CVE-2021-38410
Mitre link : CVE-2021-38410
CVE.ORG link : CVE-2021-38410
JSON object : View
Products Affected
aveva
- system_platform
- mobile_operator
- work_tasks
- batch_management
- enterprise_data_management
- manufacturing_execution_system
- platform_common_services
CWE
CWE-427
Uncontrolled Search Path Element