CVE-2021-38410 HIGH

CVE-2021-38410: AVEVA PCS Portal Uncontrolled Search Path Element

Vendor Aveva
Product Platform Common Services (PCS) Portal
Published July 27, 2022
Last update April 17, 2025

CVSS base score

7.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path.

Key dates

02Disclosure timeline

July 27, 2022 CVE published
April 17, 2025 Record updated