CVE-2021-38410

Description

AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

AVEVA / Platform Common Services (PCS) Portal4.5.2 – 4.5.2
AVEVA / Platform Common Services (PCS) Portal4.5.1 – 4.5.1
AVEVA / Platform Common Services (PCS) Portal4.5.0 – 4.5.0
AVEVA / Platform Common Services (PCS) Portal4.4.6 – 4.4.6

References

VENDOR_ADVISORYhttps://www.cisa.gov/uscert/ics/advisories/icsa-21-252-01
MISChttps://www.aveva.com/en/support-and-success/cyber-security-updates/