CVE-2018-14797

HIGH

Emerson DeltaV DCS <14 - Code Injection

Title source: llm

Description

Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/105105

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01

Scores

CVSS v3 7.8

EPSS 0.0022

EPSS Percentile 44.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (5)

emerson/deltav

Timeline

Published Aug 23, 2018

Tracked Since Feb 18, 2026