Lucene search

[email protected]NVD:CVE-2021-38410

HistoryJul 27, 2022 - 9:15 p.m.

CVE-2021-38410

2022-07-2721:15:08

CWE-427

[email protected]

web.nvd.nist.gov

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

28.8%

JSON

AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path.

Affected configurations

NVD

Node

avevabatch_managementMatch2020

avevaenterprise_data_managementMatch2020

avevamanufacturing_execution_systemMatch2020

avevamobile_operatorMatch2020

avevaplatform_common_servicesMatch4.4.6

avevaplatform_common_servicesMatch4.5.0

avevaplatform_common_servicesMatch4.5.1

avevaplatform_common_servicesMatch4.5.2

avevasystem_platformMatch2020-

avevasystem_platformMatch2020r2

avevasystem_platformMatch2020r2_p01

avevawork_tasksMatch2020-

avevawork_tasksMatch2020update_1

References

www.aveva.com/en/support-and-success/cyber-security-updates/

www.cisa.gov/uscert/ics/advisories/icsa-21-252-01

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

28.8%

JSON

Related for NVD:CVE-2021-38410

cvelist1 ics1 prion1 cve1