CVE-2021-44463

EPSS 0.04%
Published 28.01.2022 20:15:12
Last modified 17.04.2025 16:15:24
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Emerson ≫ Deltav Version13.3.1

Emerson ≫ Deltav Version14 Updatefeature_pack1

Emerson ≫ Deltav Version14 Updatefeature_pack2

Emerson ≫ Deltav Version14.3.1

Emerson ≫ Deltav Versionr6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.093

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.3	1.3	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C
ics-cert@hq.dhs.gov	8.1	1.5	6	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04

Third Party Advisory

US Government Resource

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2021-44463

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-44463

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-44463

EUVD