Описание
Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started.
Ссылки
- MitigationThird Party AdvisoryUS Government Resource
- MitigationThird Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:emerson:deltav:13.3.1:*:*:*:*:*:*:*
cpe:2.3:a:emerson:deltav:14:feature_pack1:*:*:*:*:*:*
cpe:2.3:a:emerson:deltav:14:feature_pack2:*:*:*:*:*:*
cpe:2.3:a:emerson:deltav:14.3.1:*:*:*:*:*:*:*
cpe:2.3:a:emerson:deltav:r6:*:*:*:*:*:*:*
EPSS
Процентиль: 12%
0.00041
Низкий
8.1 High
CVSS3
7.3 High
CVSS3
6.9 Medium
CVSS2
Дефекты
CWE-427
CWE-427
Связанные уязвимости
CVSS3: 7.3
github
около 4 лет назад
Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started.
EPSS
Процентиль: 12%
0.00041
Низкий
8.1 High
CVSS3
7.3 High
CVSS3
6.9 Medium
CVSS2
Дефекты
CWE-427
CWE-427