Insecure DLL loading in AVEVA Software, LLC. products - CVE-2021-38410

 

Insecure DLL loading in AVEVA Software, LLC. products - CVE-2021-38410

Published: September 10, 2021


Vulnerability identifier: #VU56440
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-38410
CWE-ID: CWE-427
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: AVEVA Software, LLC.
Affected software:
Platform Common Services (PCS) Portal
AVEVA Batch Management
AVEVA Work Tasks
AVEVA Mobile Operator
AVEVA Manufacturing Execution System
AVEVA Enterprise Data Management
AVEVA System Platform

Detailed vulnerability description

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to the application loads DLL libraries in an insecure manner. A local user can control one or more locations in the search path.


How to mitigate CVE-2021-38410

Install updates from vendor's website.

Sources