CVE-2021-38410

Name of the Vulnerable Software and Affected Versions AVEVA Software Platform Common Services (PCS) Portal versions 4.4.6, 4.5.0, 4.5.1, 4.5.2

Description The issue is related to DLL hijacking through an uncontrolled search path element. This may allow an attacker to control one or more locations in the search path.

Recommendations For versions 4.4.6, 4.5.0, 4.5.1, 4.5.2, consider restricting access to the search path to minimize the risk of exploitation. As a temporary workaround, limit the ability of attackers to control locations in the search path until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.