CVE-2021-44463
High
Published: 28 January 2022
Published
28 January 2022
Modified
17 April 2025
KEV Added
—
Patch
—
CVSS Score v3.1
8.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H
EPSS Score
0.0004
13.0th percentile
Risk Priority
16
60% EPSS · 20% KEV · 20% CVSS
Summary
CVE-2021-44463 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Emerson Deltav. Its CVSS base score is 8.1 (High).
Operationally, ranked at the 13.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-31300
Vulnerability details
Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
emerson
deltav
13.3.1, 14, 14.3.1, r6
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.