Main Vulnerability Database Vulnerabilities #VU14446

Improper privilege management in DeltaV - CVE-2018-14791

Published: August 17, 2018

Vulnerability identifier: #VU14446

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-14791

CWE-ID: CWE-269

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Emerson

Affected software:
DeltaV

Detailed vulnerability description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to improper privilege management. A local attacker can change executable and library files and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

How to mitigate CVE-2018-14791

Install update from vendor's website.

Sources

https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01

Improper privilege management in DeltaV - CVE-2018-14791

Detailed vulnerability description

How to mitigate CVE-2018-14791

Sources

Please verify you're human