Overview
- Description
- Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.3
- Impact score
- 5.9
- Exploitability score
- 1.3
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.9
- Impact score
- 10
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-427
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emerson:deltav:13.3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "01456184-6B25-4029-82D4-F5BF16180D7D"
},
{
"criteria": "cpe:2.3:a:emerson:deltav:14:feature_pack1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F2061D08-4DF5-473E-A68A-C1E6DD1EEA37"
},
{
"criteria": "cpe:2.3:a:emerson:deltav:14:feature_pack2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "06B9E5CA-A790-4298-AA75-A10D62ECCD57"
},
{
"criteria": "cpe:2.3:a:emerson:deltav:14.3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C96A8836-877A-4796-9A28-E7D9AB412024"
},
{
"criteria": "cpe:2.3:a:emerson:deltav:r6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "713DC40C-D9B9-43AA-9907-150467EAE43F"
}
],
"operator": "OR"
}
]
}
]