CVE-2021-38410 — Uncontrolled Search Path Element in Platform Common Services Portal

CWE-427 — Uncontrolled Search Path Element3 documents3 sources

Severity

7.8HIGHNVD

CNA7.3

EPSS

0.1%

top 70.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Aveva Platform Common Services Portal Aveva Batch Management Aveva Enterprise Data Management +5 more

Timeline

PublishedJul 27

Latest updateJul 28

Description

AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages8 packages

▶CVEListV5aveva/platform_common_services_portal4 versions+3

▶NVDaveva/platform_common_services4 versions+3

▶NVDaveva/system_platform2020

▶NVDaveva/work_tasks2020

▶NVDaveva/mobile_operator2020

🔴Vulnerability Details

GHSA

GHSA-w785-44wh-9wr3: AVEVA Software Platform Common Services (PCS) Portal versions 4↗2022-07-28

▶

CVEList

AVEVA PCS Portal Uncontrolled Search Path Element↗2022-07-27

▶