CVE-2021-38410

High

Published: 27 July 2022

Modified: 17 April 2025
KEV Added
Patch
CVSS Score v3.1: 7.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0011 (28.8th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-38410 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in AVEVA Platform Common Services. Its CVSS base score is 7.3 (High).

Operationally, it ranks at the 28.8th percentile by exploit likelihood (EPSS), which is below the median, and it is not currently listed in the CISA KEV catalog.

Vulnerability details

AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker to control one or more locations in the search path.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Version(s)
aveva | batch management | 2020
aveva | enterprise data management | 2020
aveva | manufacturing execution system | 2020
aveva | mobile operator | 2020
aveva | platform common services | 4.4.6, 4.5.0, 4.5.1, 4.5.2
aveva | system platform | 2020
aveva | work tasks | 2020

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.