2 matches found
CVE-2023-6132
The CVE-2023-6132 issue affects AVEVA Edge (InduSoft Web Studio lineage) and is caused by an Uncontrolled Search Path Element that can let a local attacker trick AVEVA Edge into loading an unsafe DLL, enabling arbitrary code execution and privilege escalation. Affected products/versions include A...
CVE-2021-38410
CVE-2021-38410 affects AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0 and 4.4.6, vulnerable to DLL hijacking via an uncontrolled search path element. The root cause is search-path manipulation that can allow an attacker to load a malicious DLL from a location sp...