← back
CVE-2021-44463

Emerson DeltaV Uncontrolled Search Path Element

CVSS 8.1 HIGHEPSS 0.3%CWE-427
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.1EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
28 Jan 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started.
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04