#VU56440 Insecure DLL loading in AVEVA Software, LLC. products - CVE-2021-38410
Published: September 10, 2021
Vulnerability identifier: #VU56440
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-38410
CWE-ID: CWE-427
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Platform Common Services (PCS) Portal
AVEVA Batch Management
AVEVA Work Tasks
AVEVA Mobile Operator
AVEVA Manufacturing Execution System
AVEVA Enterprise Data Management
AVEVA System Platform
Software vendor:
AVEVA Software, LLC.
Description
The vulnerability allows a local user to compromise the vulnerable system.
The vulnerability exists because the application loads DLL libraries in an insecure manner. A local user can control one or more locations in the search path.
Remediation
Install updates from the vendor's website.