Details of VAR-202112-2480

ID

VAR-202112-2480

CVE

CVE-2021-44463

TITLE

Emerson Electric Emerson DeltaV Distributed Control System Code problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202112-2093

DESCRIPTION

Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started.

Trust: 1.0

sources: NVD: CVE-2021-44463

AFFECTED PRODUCTS

vendor:	emerson	model:	deltav workstation	scope:	eq	version:	*	Trust: 1.0
vendor:	emerson	model:	deltav distributed control system	scope:	lt	version:	13.3.1	Trust: 1.0

sources: NVD: CVE-2021-44463

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2021-44463
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202112-2093
value:	HIGH
Trust: 0.6

NVD:	CVE-2021-44463
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0

NVD:	CVE-2021-44463
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.3
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNNVD: CNNVD-202112-2093 // NVD: CVE-2021-44463

PROBLEMTYPE DATA

problemtype:

CWE-427

Trust: 1.0

sources: NVD: CVE-2021-44463

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202112-2093

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202112-2093

CONFIGURATIONS

sources: NVD: CVE-2021-44463

PATCH

title:

Emerson Electric Emerson DeltaV Distributed Control System Fixes for code issue vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=175470

Trust: 0.6

sources: CNNVD: CNNVD-202112-2093

EXTERNAL IDS

db:	NVD	id:	CVE-2021-44463	Trust: 1.6
db:	ICS CERT	id:	ICSA-21-355-04	Trust: 1.6
db:	AUSCERT	id:	ESB-2022.0078	Trust: 0.6
db:	CS-HELP	id:	SB2022010402	Trust: 0.6
db:	CNNVD	id:	CNNVD-202112-2093	Trust: 0.6

sources: CNNVD: CNNVD-202112-2093 // NVD: CVE-2021-44463

REFERENCES

url:	https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04	Trust: 1.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-355-04	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0078	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022010402	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44463	Trust: 0.6

sources: CNNVD: CNNVD-202112-2093 // NVD: CVE-2021-44463

CREDITS

Sharon Brizinov of Claroty reported these vulnerabilities to Emerson.

Trust: 0.6

sources: CNNVD: CNNVD-202112-2093

SOURCES

db:	CNNVD	id:	CNNVD-202112-2093
db:	NVD	id:	CVE-2021-44463

LAST UPDATE DATE

2022-05-04T09:27:27.309000+00:00

SOURCES UPDATE DATE

db:	CNNVD	id:	CNNVD-202112-2093	date:	2022-03-01T00:00:00
db:	NVD	id:	CVE-2021-44463	date:	2022-02-25T14:26:00

SOURCES RELEASE DATE

db:	CNNVD	id:	CNNVD-202112-2093	date:	2021-12-21T00:00:00
db:	NVD	id:	CVE-2021-44463	date:	2022-01-28T20:15:00