CVE-2021-44463 HIGH

CVE-2021-44463: Emerson DeltaV Uncontrolled Search Path Element

Vendor N/A
Product n/a
Published January 28, 2022
Last update April 17, 2025

CVSS base score

8.1/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H

What the vulnerability does

01Description

Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started.

Key dates

02Disclosure timeline

January 28, 2022 CVE published
April 17, 2025 Record updated