7.8
CVE-2021-38410
- EPSS 0.11%
- Veröffentlicht 27.07.2022 21:15:08
- Zuletzt bearbeitet 17.04.2025 16:15:23
- Quelle ics-cert@hq.dhs.gov
- Teams Watchlist Login
- Unerledigt Login
AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Aveva ≫ Batch Management Version2020
Aveva ≫ Enterprise Data Management Version2020
Aveva ≫ Manufacturing Execution System Version2020
Aveva ≫ Mobile Operator Version2020
Aveva ≫ Platform Common Services Version4.4.6
Aveva ≫ Platform Common Services Version4.5.0
Aveva ≫ Platform Common Services Version4.5.1
Aveva ≫ Platform Common Services Version4.5.2
Aveva ≫ System Platform Version2020 Update-
Aveva ≫ System Platform Version2020 Updater2
Aveva ≫ System Platform Version2020 Updater2_p01
Aveva ≫ Work Tasks Version2020 Update-
Aveva ≫ Work Tasks Version2020 Updateupdate_1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.298 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| ics-cert@hq.dhs.gov | 7.3 | 1.3 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
|
CWE-427 Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.