var-202109-1926
Vulnerability from variot
AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path. AVEVA Provided by the company PCS Portal teeth AVEVA A common framework for data exchange between nodes running the products. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. AVEVA System Platform is an application software of British AVEVA company. A responsive, standards-driven and scalable foundation for regulatory, enterprise SCADA, MES and IIoT applications
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-1926",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "work tasks",
"scope": "eq",
"trust": 1.8,
"vendor": "aveva",
"version": "2020"
},
{
"model": "enterprise data management",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "platform common services",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "4.4.6"
},
{
"model": "mobile operator",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "batch management",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "platform common services",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "4.5.2"
},
{
"model": "platform common services",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "4.5.1"
},
{
"model": "manufacturing execution system",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "platform common services",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "4.5.0"
},
{
"model": "system platform",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "work tasks",
"scope": "eq",
"trust": 0.8,
"vendor": "aveva",
"version": "2020 update 1"
},
{
"model": "system platform",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "enterprise data management",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "mobile operator",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "software platform common services",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "batch management",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "manufacturing execution system",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002396"
},
{
"db": "NVD",
"id": "CVE-2021-38410"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:aveva:system_platform:2020:r2_p01:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:system_platform:2020:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:system_platform:2020:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:platform_common_services:4.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:platform_common_services:4.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:platform_common_services:4.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:platform_common_services:4.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:batch_management:2020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:enterprise_data_management:2020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:manufacturing_execution_system:2020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:mobile_operator:2020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:work_tasks:2020:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:work_tasks:2020:update_1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-38410"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Noam Moshe of Claroty discovered and disclosed the vulnerability to the AVEVA Software Security Response Center.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-449"
}
],
"trust": 0.6
},
"cve": "CVE-2021-38410",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-002396",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-38410",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2021-38410",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2021-002396",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202109-449",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002396"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-449"
},
{
"db": "NVD",
"id": "CVE-2021-38410"
},
{
"db": "NVD",
"id": "CVE-2021-38410"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path. AVEVA Provided by the company PCS Portal teeth AVEVA A common framework for data exchange between nodes running the products. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. AVEVA System Platform is an application software of British AVEVA company. A responsive, standards-driven and scalable foundation for regulatory, enterprise SCADA, MES and IIoT applications",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-38410"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002396"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-449"
},
{
"db": "VULMON",
"id": "CVE-2021-38410"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-38410",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-21-252-01",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU98046090",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002396",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3041",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021091003",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202109-449",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-38410",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-38410"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002396"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-449"
},
{
"db": "NVD",
"id": "CVE-2021-38410"
}
]
},
"id": "VAR-202109-1926",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.23076923
},
"last_update_date": "2024-06-14T22:51:34.762000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AVEVA-2021-008 (( PDF )",
"trust": 0.8,
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/securitybulletin_aveva-2021-008.pdf"
},
{
"title": "AVEVA System Platform Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=161910"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002396"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-449"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.0
},
{
"problemtype": "Uncontrolled search path elements (CWE-427) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002396"
},
{
"db": "NVD",
"id": "CVE-2021-38410"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
},
{
"trust": 1.7,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-252-01"
},
{
"trust": 1.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-252-01"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu98046090/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38410"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-38410/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021091003"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3041"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-38410"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002396"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-449"
},
{
"db": "NVD",
"id": "CVE-2021-38410"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-38410"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002396"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-449"
},
{
"db": "NVD",
"id": "CVE-2021-38410"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-38410"
},
{
"date": "2021-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002396"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-09-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-449"
},
{
"date": "2022-07-27T21:15:08.523000",
"db": "NVD",
"id": "CVE-2021-38410"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-28T00:00:00",
"db": "VULMON",
"id": "CVE-2021-38410"
},
{
"date": "2024-06-14T01:39:00",
"db": "JVNDB",
"id": "JVNDB-2021-002396"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-449"
},
{
"date": "2022-08-04T02:48:06.450000",
"db": "NVD",
"id": "CVE-2021-38410"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-449"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AVEVA\u00a0 Made \u00a0PCS\u00a0Portal\u00a0 In \u00a0DLL\u00a0 Loading vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002396"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.