6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
8.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H
7.2 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
10.5%
Successful exploitation of these vulnerabilities could allow an attacker to achieve local privilege escalation or restart a controller, resulting in a denial-of-service condition.
Emerson reports these vulnerabilities affect the following versions:
A specially crafted script could cause a controller to restart and cause a denial-of-service condition.
CVE-2021-26264 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H).
Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation when some DeltaV services are started.
CVE-2021-44463 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H).
Sharon Brizinov of Claroty reported these vulnerabilities to Emerson.
Emerson recommends users apply the vendor patch to affected products listed below:
Software patches are available to users with access to the Guardian Support Portal (login required). Please refer to the Knowledge Base Article NK-2100-0497 (DSN21008) on the Guardian Support Portal for more information.
To limit exposure to these and other vulnerabilities, Emerson recommends DeltaV systems and related components be deployed and configured as described in the DeltaV Security Manual, which can be found in Emersonβs Guardian Support Portal (login required).
CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01BβTargeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
CISA also recommends users take the following measures to protect themselves from social engineering attacks:
No known public exploits specifically target these vulnerabilities.
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26264
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44463
cwe.mitre.org/data/definitions/306.html
cwe.mitre.org/data/definitions/427.html
guardian.emersonprocess.com/
guardian.emersonprocess.com/
public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138
twitter.com/CISAgov
twitter.com/intent/tweet?text=Emerson%20DeltaV+https://www.cisa.gov/news-events/ics-advisories/icsa-21-355-04
www.cisa.gov/uscert/ics
www.cisa.gov/uscert/ics
www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
www.cisa.gov/uscert/ics/recommended-practices
www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B
www.cisa.gov/uscert/sites/default/files/publications/emailscams_0905.pdf
www.cisa.gov/uscert/sites/default/files/publications/emailscams_0905.pdf
www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
www.dhs.gov
www.dhs.gov/foia
www.dhs.gov/performance-financial-reports
www.facebook.com/CISA
www.facebook.com/sharer/sharer.php?u=https://www.cisa.gov/news-events/ics-advisories/icsa-21-355-04&title=Emerson%20DeltaV
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H
www.instagram.com/cisagov
www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency
www.linkedin.com/sharing/share-offsite/?url=https://www.cisa.gov/news-events/ics-advisories/icsa-21-355-04
www.oig.dhs.gov/
www.surveymonkey.com/r/CISA-cyber-survey?product=https://www.cisa.gov/news-events/ics-advisories/icsa-21-355-04
www.usa.gov/
www.whitehouse.gov/
www.youtube.com/@cisagov
mailto:?subject=Emerson%20DeltaV&body=www.cisa.gov/news-events/ics-advisories/icsa-21-355-04
6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
8.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H
7.2 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
10.5%