CVE-2021-38410
Published 2022-07-27
CVE-2021-38410: AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search…
Priority P335 · high · 7.8 · CVSS 3.1
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.21% (11.5th percentile)
AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may give an attacker control of one or more locations in the search path.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aveva | batch_management | — | — |
| aveva | enterprise_data_management | — | — |
| aveva | manufacturing_execution_system | — | — |
| aveva | mobile_operator | — | — |
| aveva | platform_common_services | — | — |
| aveva | platform_common_services | — | — |
| aveva | platform_common_services | — | — |
| aveva | platform_common_services | — | — |
| aveva | platform_common_services_portal | — | — |
| aveva | platform_common_services_portal | — | — |
| aveva | platform_common_services_portal | — | — |
| aveva | platform_common_services_portal | — | — |
| aveva | system_platform | — | — |
| aveva | work_tasks | — | — |
GHSA
ghsa_unreviewed·2022-07-28
CVE-2021-38410 [HIGH] CWE-427 GHSA-w785-44wh-9wr3: AVEVA Software Platform Common Services (PCS) Portal versions 4
CISA ICS
AVEVA PCS Portal
cisa_ics·2021-09-09·CVSS 7.3
[HIGH] AVEVA PCS Portal
ICS Advisory
## AVEVA PCS Portal
Last Revised: September 09, 2021
Alert Code: ICSA-21-252-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.3
- ATTENTION: Low attack complexity
- Vendor: AVEVA
- Equipment: Platform Common Services (PCS) Portal
- Vulnerability: Uncontrolled Search Path Element
## 2. RISK EVALUATION
The DLL hijacking vulnerability in the Platform Common Services (PCS) Portal, if exploited, could allow malicious code execution within the context of the PCS Portal application.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of the AVEVA Software Platform Common Se
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.