CVE-2025-44567

Medium | Proof-of-Concept

Emerson DeltaV DCS Path Traversal Vulnerability

CVSS v3.1 Base Score: 6.5

Medium severity — Plan remediation

AV: Network | AC: Low | Auth: Required

A path traversal flaw in the DeltaV DCS web interface allows low-privilege users to read sensitive configuration files. Exploitation requires authentication, which reduces the immediate risk. However, exposed credentials and controller backups enable escalation. No known active exploitation.

Status: Proof-of-Concept
Complexity: Low
Auth Required: Yes
Initial Access: DeltaV web interface (HTTPS/443)

Known Techniques
  • Directory traversal via ../../ sequences in file download API
  • URL encoding bypass of path validation filters
Published: 2025-01-10
Modified: 2025-01-25
Vendor: Emerson
CWE: CWE-22 (Path Traversal)
Risk Summary
Overall Risk: Medium
Exploitation: Proof-of-Concept
Detection: Medium coverage
Detection Rate: 90%
Rules Available: 1
Industry Sectors