CVE-2021-44463

HIGH

Emerson Deltav - Uncontrolled Search Path

Title source: rule

Description

Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started.

References (1)

[Mitigation, Third Party Advisory, US Government Resource] https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04

Scores

CVSS v3 8.1

EPSS 0.0004

EPSS Percentile 12.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (5)

emerson/deltav

Timeline

Published Jan 28, 2022

Tracked Since Feb 18, 2026