CVE-2021-38410

HIGH

AVEVA Batch Management - Uncontrolled Search Path

Title source: rule

Description

AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker to control one or more locations in the search path.

Scores

CVSS v3 7.3
EPSS 0.0011
EPSS Percentile 29.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Classification

CWE
CWE-427
Status published

Affected Products (13)

aveva/batch_management
aveva/enterprise_data_management
aveva/manufacturing_execution_system
aveva/mobile_operator
aveva/platform_common_services
aveva/platform_common_services
aveva/platform_common_services
aveva/platform_common_services
aveva/system_platform
aveva/system_platform
aveva/system_platform
aveva/work_tasks
aveva/work_tasks

Timeline

Published Jul 27, 2022
Tracked Since Feb 18, 2026