cbcvebase.
CVE-2021-38410
published 2022-07-27

CVE-2021-38410: AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search…

PriorityP335high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EPSS
0.21%
11.5th percentile
AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path.

Affected

14 ranges
VendorProductVersion rangeFixed in
avevabatch_management
avevaenterprise_data_management
avevamanufacturing_execution_system
avevamobile_operator
avevaplatform_common_services
avevaplatform_common_services
avevaplatform_common_services
avevaplatform_common_services
avevaplatform_common_services_portal
avevaplatform_common_services_portal
avevaplatform_common_services_portal
avevaplatform_common_services_portal
avevasystem_platform
avevawork_tasks
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.