Severity

High

Analysis Summary

CVE-2021-26264

A specially crafted script could cause a controller to restart and cause a denial-of-service condition.

CVE-2021-44463

Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation when some DeltaV services are started.

Impact

• Denial of Service
• Privilege Escalation

Affected Vendors

• Emerson

Affected Products

• DeltaV Distributed Control System Controllers and Workstations: All versions

Remediation

Refer to CISA Advisory for the patch, upgrade, or suggested workaround information.