HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2021-38410

CVSS 7.3v3.1pub. 2022-07-27upd. 2025-04-17

AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
  • Aveva Batch Management

    APP
    Aveva
    2020
  • Aveva Enterprise Data Management

    APP
    Aveva
    2020
  • Aveva Manufacturing Execution System

    APP
    Aveva
    2020
  • Aveva Mobile Operator

    APP
    Aveva
    2020
  • Aveva Platform Common Services

    APP
    Aveva
    4.4.64.5.04.5.14.5.2
  • Aveva System Platform

    APP
    Aveva
    2020
  • Aveva Work Tasks

    APP
    Aveva
    2020
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2023-6132HIGH7.3ten sam produkt

The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arb...

CVE-2023-33873HIGH7.8ten sam produkt

This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standar...

CVE-2022-0835HIGH8.1ten sam produkt

AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or...

CVE-2021-33008HIGH8.8ten sam produkt

AVEVA System Platform versions 2017 through 2020 R2 P01 does not perform any authentication for functionality ...

CVE-2021-32977HIGH7.2ten sam produkt

AVEVA System Platform versions 2017 through 2020 R2 P01 does not verify, or incorrectly verifies, the cryptogr...