CVE-2021-44463

Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started.
References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04 Mitigation Third Party Advisory US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04 Mitigation Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:emerson:deltav:13.3.1:*:*:*:*:*:*:*
cpe:2.3:a:emerson:deltav:14:feature_pack1:*:*:*:*:*:*
cpe:2.3:a:emerson:deltav:14:feature_pack2:*:*:*:*:*:*
cpe:2.3:a:emerson:deltav:14.3.1:*:*:*:*:*:*:*
cpe:2.3:a:emerson:deltav:r6:*:*:*:*:*:*:*

History

21 Nov 2024, 06:31

Type Values Removed Values Added
CVSS v2 : 6.9
v3 : 7.3
v2 : 6.9
v3 : 8.1
References () https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04 - Mitigation, Third Party Advisory, US Government Resource () https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04 - Mitigation, Third Party Advisory, US Government Resource

12 Jul 2022, 17:16

Type Values Removed Values Added
CPE cpe:2.3:o:emerson:deltav_workstation_firmware:*:*:*:*:*:*:*:*
cpe:2.3:a:emerson:deltav:*:*:*:*:*:*:*:*
cpe:2.3:h:emerson:deltav_workstation:-:*:*:*:*:*:*:*
cpe:2.3:a:emerson:deltav:14:feature_pack1:*:*:*:*:*:*
cpe:2.3:a:emerson:deltav:14.3.1:*:*:*:*:*:*:*
cpe:2.3:a:emerson:deltav:14:feature_pack2:*:*:*:*:*:*
cpe:2.3:a:emerson:deltav:13.3.1:*:*:*:*:*:*:*
cpe:2.3:a:emerson:deltav:r6:*:*:*:*:*:*:*

12 Jul 2022, 15:15

Type Values Removed Values Added
CVSS v2 : 7.2
v3 : 7.3
v2 : 6.9
v3 : 7.3
CPE cpe:2.3:o:emerson:deltav_distributed_control_system_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:emerson:deltav_distributed_control_system:-:*:*:*:*:*:*:*
cpe:2.3:a:emerson:deltav:*:*:*:*:*:*:*:*

25 Feb 2022, 14:26

Type Values Removed Values Added
CPE cpe:2.3:o:emerson:deltav_workstation_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:emerson:deltav_distributed_control_system:-:*:*:*:*:*:*:*
cpe:2.3:o:emerson:deltav_distributed_control_system_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:emerson:deltav_workstation:-:*:*:*:*:*:*:*
CWE CWE-427
CVSS v2 : unknown
v3 : unknown
v2 : 7.2
v3 : 7.3
References (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04 - (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04 - Mitigation, Third Party Advisory, US Government Resource

28 Jan 2022, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-01-28 20:15

Updated : 2024-11-21 06:31


NVD link : CVE-2021-44463

Mitre link : CVE-2021-44463

CVE.ORG link : CVE-2021-44463


JSON object : View

Products Affected

emerson

  • deltav
CWE
CWE-427

Uncontrolled Search Path Element