An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Critical vulnerabilities may allow a local attacker to elevate privileges within the DeltaV control system.

Metrics

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Adjacent Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:A/AC:M/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Emerson
  • Deltav

Configuration 1 [-]

OR cpe:2.3:a:emerson:deltav:12.3:*:*:*:*:*:*:*
cpe:2.3:a:emerson:deltav:12.3.1:*:*:*:*:*:*:*
cpe:2.3:a:emerson:deltav:13.3:*:*:*:*:*:*:*

No data.

References
Link Providers
http://www.securityfocus.com/bid/105767 cve-icon cve-icon
http://www.securityfocus.com/bid/94584 cve-icon cve-icon
https://ics-cert.us-cert.gov/advisories/ICSA-16-334-02 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2017-02-13T21:00:00

Updated: 2024-08-06T02:50:37.647Z

Reserved: 2016-11-16T00:00:00

Link: CVE-2016-9345

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-02-13T21:59:01.767

Modified: 2024-11-21T03:00:59.607

Link: CVE-2016-9345

cve-icon Redhat

No data.