InfraSuite Device Master
CVEs (32)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-1133 | Cri | 0.71 | 9.8 | 0.50 | Mar 27, 2023 | Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. The service accepts the unverified UDP packets and deserializes the content, which could allow an unauthenticated… | ||
| CVE-2022-41772 | Cri | 0.66 | 9.8 | 0.25 | Oct 31, 2022 | Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior mishandle .ZIP archives containing characters used in path traversal. This path traversal could result in remote code execution. | ||
| CVE-2024-10456 | Cri | 0.65 | 9.8 | 0.18 | Oct 30, 2024 | Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are affected by a deserialization vulnerability that targets the Device-Gateway, which could allow deserialization of arbitrary .NET objects prior to authentication. | ||
| CVE-2023-47207 | Cri | 0.65 | 9.8 | 0.17 | Nov 30, 2023 | In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute code with local administrator privileges. | ||
| CVE-2022-41657 | Cri | 0.65 | 9.8 | 0.21 | Oct 31, 2022 | Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker provided data already serialized into memory to be used in file operation application programmable interfaces (APIs). This could create arbitrary files, which could be used in API operations… | ||
| CVE-2022-38142 | Cri | 0.65 | 9.8 | 0.18 | Oct 31, 2022 | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-Gateway service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon… | ||
| CVE-2023-39226 | Cri | 0.64 | 9.8 | 0.01 | Nov 30, 2023 | In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute arbitrary code through a single UDP packet. | ||
| CVE-2023-34347 | Cri | 0.64 | 9.8 | 0.01 | Jul 10, 2023 | Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contains classes that cannot be deserialized, which could allow an attack to remotely execute arbitrary code. | ||
| CVE-2023-1140 | Cri | 0.64 | 9.8 | 0.01 | Mar 27, 2023 | Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability that could allow an attacker to achieve unauthenticated remote code execution in the context of an administrator. | ||
| CVE-2023-1136 | Cri | 0.64 | 9.8 | 0.01 | Mar 27, 2023 | In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an unauthenticated attacker could generate a valid token, which would lead to authentication bypass. | ||
| CVE-2022-41778 | Cri | 0.64 | 9.8 | 0.01 | Jan 13, 2023 | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-DataCollect service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon… | ||
| CVE-2022-41688 | Cri | 0.64 | 9.8 | 0.01 | Oct 31, 2022 | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authentication to create a new user… | ||
| CVE-2022-40202 | Cri | 0.64 | 9.8 | 0.01 | Oct 31, 2022 | The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication. An attacker could provide malicious serialized objects which, when deserialized, could activate an opcode for a backup scheduling function… | ||
| CVE-2023-46690 | Hig | 0.57 | 8.8 | 0.02 | Nov 30, 2023 | In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution. | ||
| CVE-2023-30765 | Hig | 0.57 | 8.8 | 0.02 | Jul 10, 2023 | Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contain improper access controls that could allow an attacker to alter privilege management configurations, resulting in privilege escalation. | ||
| CVE-2023-1144 | Hig | 0.57 | 8.8 | 0.01 | Mar 27, 2023 | Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation. | ||
| CVE-2023-1143 | Hig | 0.57 | 8.8 | 0.01 | Mar 27, 2023 | In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code. | ||
| CVE-2023-1141 | Hig | 0.57 | 8.8 | 0.02 | Mar 27, 2023 | Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a command injection vulnerability that could allow an attacker to inject arbitrary commands, which could result in remote code execution. | ||
| CVE-2023-1139 | Hig | 0.57 | 8.8 | 0.01 | Mar 27, 2023 | Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-gateway service, which could allow deserialization of requests prior to authentication, resulting in remote code execution. | ||
| CVE-2023-0444 | Hig | 0.57 | 8.8 | 0.01 | Jan 26, 2023 | A privilege escalation vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.02a. A default user 'User', which is in the 'Read Only User' group, can view the password of another default user 'Administrator', which is in the 'Administrator' group. This allows… |
- risk 0.71cvss 9.8epss 0.50
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. The service accepts the unverified UDP packets and deserializes the content, which could allow an unauthenticated…
- risk 0.66cvss 9.8epss 0.25
Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior mishandle .ZIP archives containing characters used in path traversal. This path traversal could result in remote code execution.
- risk 0.65cvss 9.8epss 0.18
Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are affected by a deserialization vulnerability that targets the Device-Gateway, which could allow deserialization of arbitrary .NET objects prior to authentication.
- risk 0.65cvss 9.8epss 0.17
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute code with local administrator privileges.
- risk 0.65cvss 9.8epss 0.21
Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker provided data already serialized into memory to be used in file operation application programmable interfaces (APIs). This could create arbitrary files, which could be used in API operations…
- risk 0.65cvss 9.8epss 0.18
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-Gateway service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon…
- risk 0.64cvss 9.8epss 0.01
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute arbitrary code through a single UDP packet.
- risk 0.64cvss 9.8epss 0.01
Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contains classes that cannot be deserialized, which could allow an attack to remotely execute arbitrary code.
- risk 0.64cvss 9.8epss 0.01
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability that could allow an attacker to achieve unauthenticated remote code execution in the context of an administrator.
- risk 0.64cvss 9.8epss 0.01
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an unauthenticated attacker could generate a valid token, which would lead to authentication bypass.
- risk 0.64cvss 9.8epss 0.01
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-DataCollect service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon…
- risk 0.64cvss 9.8epss 0.01
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authentication to create a new user…
- risk 0.64cvss 9.8epss 0.01
The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication. An attacker could provide malicious serialized objects which, when deserialized, could activate an opcode for a backup scheduling function…
- risk 0.57cvss 8.8epss 0.02
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution.
- risk 0.57cvss 8.8epss 0.02
Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contain improper access controls that could allow an attacker to alter privilege management configurations, resulting in privilege escalation.
- risk 0.57cvss 8.8epss 0.01
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation.
- risk 0.57cvss 8.8epss 0.01
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code.
- risk 0.57cvss 8.8epss 0.02
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a command injection vulnerability that could allow an attacker to inject arbitrary commands, which could result in remote code execution.
- risk 0.57cvss 8.8epss 0.01
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-gateway service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.
- risk 0.57cvss 8.8epss 0.01
A privilege escalation vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.02a. A default user 'User', which is in the 'Read Only User' group, can view the password of another default user 'Administrator', which is in the 'Administrator' group. This allows…
Page 1 of 2