CVE-2021-38410
High
Published: 27 July 2022
Modified: 17 April 2025
KEV Added: —
Patch: —
CVSS Score v3.1: 7.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0011 (28.8th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2021-38410 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Aveva Platform Common Services. Its CVSS base score is 7.3 (High).
Operationally, it ranks at the 28.8th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-24862
Vulnerability details
AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker to control one or more locations in the search path.
- CWE(s): CWE-427
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
| Vendor | Product | Version(s) |
| --- | --- | --- |
| aveva | batch management | 2020 |
| aveva | enterprise data management | 2020 |
| aveva | manufacturing execution system | 2020 |
| aveva | mobile operator | 2020 |
| aveva | platform common services | 4.4.6, 4.5.0, 4.5.1, 4.5.2 |
| aveva | system platform | 2020 |
| aveva | work tasks | 2020 |
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.