CVE-2021-44463
Summary
| CVE | CVE-2021-44463 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-01-28 20:15:00 UTC |
| Updated | 2022-07-12 17:16:00 UTC |
| Description | Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started. |
Risk And Classification
Problem Types: CWE-427
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Emerson | Deltav | All | All | All | All |
| Application | Emerson | Deltav | 13.3.1 | All | All | All |
| Application | Emerson | Deltav | 14 | feature_pack1 | All | All |
| Application | Emerson | Deltav | 14 | feature_pack2 | All | All |
| Application | Emerson | Deltav | 14.3.1 | All | All | All |
| Application | Emerson | Deltav | r6 | All | All | All |
| Hardware | Emerson | Deltav Distributed Control System | - | All | All | All |
| Operating System | Emerson | Deltav Distributed Control System Firmware | All | All | All | All |
| Hardware | Emerson | Deltav Workstation | - | All | All | All |
| Operating System | Emerson | Deltav Workstation Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Emerson DeltaV | CISA | MISC | www.cisa.gov | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Sharon Brizinov of Claroty reported these vulnerabilities to Emerson.
There are currently no legacy QID mappings associated with this CVE.