Discover the impact of CVE-2021-44463, a high severity vulnerability in Emerson's DeltaV Distributed Control System Controllers and Workstations, allowing local privilege escalation through manipulated DLLs.
Emerson DeltaV Uncontrolled Search Path Element is a vulnerability reported by Sharon Brizinov of Claroty to Emerson, affecting DeltaV Distributed Control System Controllers and Workstations.
Understanding CVE-2021-44463
This CVE involves missing DLLs that, if replaced by an insider, could lead to local privilege escalation on the affected systems.
What is CVE-2021-44463?
If an attacker replaces the missing DLLs, they can achieve local privilege escalation on DeltaV Distributed Control System Controllers and Workstations when specific DeltaV services are started.
The Impact of CVE-2021-44463
Technical Details of CVE-2021-44463
This section provides detailed technical insights into the vulnerability.
Vulnerability Description
The vulnerability stems from an uncontrolled search path element in the affected systems, allowing unauthorized DLL replacement for privilege escalation.
Affected Systems and Versions
All versions of DeltaV Distributed Control System Controllers and Workstations are susceptible to this vulnerability.
Exploitation Mechanism
By replacing DLLs that are resolved through the uncontrolled search path, an attacker can gain elevated privileges when specific DeltaV services are started.
Mitigation and Prevention
Here are the necessary steps to mitigate and prevent exploitation of CVE-2021-44463:
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
Stay updated with Emerson's security advisories and promptly apply patches and updates to mitigate the CVE-2021-44463 vulnerability.
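Until patches are applied, a host can be checked for the precondition of this weakness class: directories on a service's DLL search path that non-administrative accounts can write to. The script below is an added example, not Emerson code or guidance. `$ServiceNameFilter` is a hypothetical parameter to be set to the service names on your own host. The script assumes an elevated session and inspects directory ACLs only.

```powershell
# Added example (defensive audit); not Emerson code.
param([string]$ServiceNameFilter = '*')  # placeholder: narrow to the service names on your host

# SIDs expected to hold write access: SYSTEM, Administrators, TrustedInstaller.
$trustedSids = 'S-1-5-18', 'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
# WriteData/CreateFiles (0x2), AppendData (0x4), GENERIC_WRITE, GENERIC_ALL.
$writeMask = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000

function Get-ServiceBinaryDirectory {
    param([string]$PathName)
    # PathName is either a quoted path plus arguments, or an unquoted path plus arguments.
    if ($PathName -match '^\s*"([^"]+)"') { return Split-Path -Parent $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)\b') { return Split-Path -Parent $Matches[1] }
}

function Get-UntrustedWriter {
    param([string]$Directory)
    $acl = Get-Acl -LiteralPath $Directory -ErrorAction SilentlyContinue
    if (-not $acl) { return }
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        $applies = ([int]$ace.PropagationFlags -band 2) -eq 0   # skip inherit-only ACEs
        $canWrite = ([int]$ace.FileSystemRights -band $writeMask) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and $applies -and $canWrite -and
            $trustedSids -notcontains $sid) { $sid }
    }
}

# Candidate directories: each service's binary directory plus the machine PATH.
$dirs = @(Get-CimInstance Win32_Service |
    Where-Object { $_.Name -like $ServiceNameFilter -and $_.PathName } |
    ForEach-Object { Get-ServiceBinaryDirectory $_.PathName })
$dirs += [Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';'

$dirs | Where-Object { $_ } |
    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_) } |
    Sort-Object -Unique | ForEach-Object {
        if (-not (Test-Path -LiteralPath $_ -PathType Container)) {
            [pscustomobject]@{ Directory = $_; Finding = 'search-path entry does not exist' }
        } else {
            $writers = @(Get-UntrustedWriter $_ | Sort-Object -Unique)
            if ($writers) {
                [pscustomobject]@{ Directory = $_; Finding = "writable by $($writers -join ', ')" }
            }
        }
    }
```

Each finding is a directory whose ACL should be tightened or, for a nonexistent entry, removed from the machine PATH. Writers are reported as SIDs.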