CVE-2021-44463

EPSS 0.04%
Veröffentlicht 28.01.2022 20:15:12
Zuletzt bearbeitet 17.04.2025 16:15:24
Quelle ics-cert@hq.dhs.gov
Teams Watchlist Login
Unerledigt Login

Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Emerson ≫ Deltav Version13.3.1

Emerson ≫ Deltav Version14 Updatefeature_pack1

Emerson ≫ Deltav Version14 Updatefeature_pack2

Emerson ≫ Deltav Version14.3.1

Emerson ≫ Deltav Versionr6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.093

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.3	1.3	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C
ics-cert@hq.dhs.gov	8.1	1.5	6	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04

Third Party Advisory

US Government Resource

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2021-44463

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-44463

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-44463

EUVD