Lucene search

[email protected]NVD:CVE-2021-38410

HistoryJul 27, 2022 - 9:15 p.m.

CVE-2021-38410

2022-07-2721:15:08

CWE-427

[email protected]

web.nvd.nist.gov

cve-2021-38410

aveva pcs

dll hijacking

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

28.7%

JSON

AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path.

Affected configurations

Nvd

Node

avevabatch_managementMatch2020

avevaenterprise_data_managementMatch2020

avevamanufacturing_execution_systemMatch2020

avevamobile_operatorMatch2020

avevaplatform_common_servicesMatch4.4.6

avevaplatform_common_servicesMatch4.5.0

avevaplatform_common_servicesMatch4.5.1

avevaplatform_common_servicesMatch4.5.2

avevasystem_platformMatch2020-

avevasystem_platformMatch2020r2

avevasystem_platformMatch2020r2_p01

avevawork_tasksMatch2020-

avevawork_tasksMatch2020update_1

VendorProductVersionCPE
avevabatch_management2020cpe:2.3:a:aveva:batch_management:2020:*:*:*:*:*:*:*
avevaenterprise_data_management2020cpe:2.3:a:aveva:enterprise_data_management:2020:*:*:*:*:*:*:*
avevamanufacturing_execution_system2020cpe:2.3:a:aveva:manufacturing_execution_system:2020:*:*:*:*:*:*:*
avevamobile_operator2020cpe:2.3:a:aveva:mobile_operator:2020:*:*:*:*:*:*:*
avevaplatform_common_services4.4.6cpe:2.3:a:aveva:platform_common_services:4.4.6:*:*:*:*:*:*:*
avevaplatform_common_services4.5.0cpe:2.3:a:aveva:platform_common_services:4.5.0:*:*:*:*:*:*:*
avevaplatform_common_services4.5.1cpe:2.3:a:aveva:platform_common_services:4.5.1:*:*:*:*:*:*:*
avevaplatform_common_services4.5.2cpe:2.3:a:aveva:platform_common_services:4.5.2:*:*:*:*:*:*:*
avevasystem_platform2020cpe:2.3:a:aveva:system_platform:2020:-:*:*:*:*:*:*
avevasystem_platform2020cpe:2.3:a:aveva:system_platform:2020:r2:*:*:*:*:*:*

Vendor	Product	Version	CPE
aveva	batch_management	2020	cpe:2.3:a:aveva:batch_management:2020:::::::*
aveva	enterprise_data_management	2020	cpe:2.3:a:aveva:enterprise_data_management:2020:::::::*
aveva	manufacturing_execution_system	2020	cpe:2.3:a:aveva:manufacturing_execution_system:2020:::::::*
aveva	mobile_operator	2020	cpe:2.3:a:aveva:mobile_operator:2020:::::::*
aveva	platform_common_services	4.4.6	cpe:2.3:a:aveva:platform_common_services:4.4.6:::::::*
aveva	platform_common_services	4.5.0	cpe:2.3:a:aveva:platform_common_services:4.5.0:::::::*
aveva	platform_common_services	4.5.1	cpe:2.3:a:aveva:platform_common_services:4.5.1:::::::*
aveva	platform_common_services	4.5.2	cpe:2.3:a:aveva:platform_common_services:4.5.2:::::::*
aveva	system_platform	2020	cpe:2.3:a:aveva:system_platform:2020:-::::::
aveva	system_platform	2020	cpe:2.3:a:aveva:system_platform:2020:r2::::::

Rows per page:

1-10 of 131

References

www.aveva.com/en/support-and-success/cyber-security-updates/

www.cisa.gov/uscert/ics/advisories/icsa-21-252-01

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

28.7%

JSON

Related for NVD:CVE-2021-38410

cvelist1 ics1 prion1 cve1