CVE-2023-1136

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an unauthenticated attacker could generate a valid token, which would lead to authentication bypass...

CVE-2023-1139

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-gateway service, which could allow deserialization of requests prior to authentication, resulting in remote code execution...

CVE-2022-41688

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authentication to create a new user and add them to th...

Delta Electronics InfraSuite Device Master ActiveMQ Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Apache ActiveMQ broker, which listens on TCP port 61616 b...

The vulnerability of the Delta Electronics InfraSuite Device Master software in monitoring devices in real time, due to deficiencies in the deserialization mechanism, allows a perpetrator to execute arbitrary code.

The vulnerability of the Delta Electronics InfraSuite Device Master software for real-time device monitoring is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVE-2023-47207

In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute code with local administrator privileges...

CVE-2023-46690

In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution...

CVE-2023-46690 Delta Electronics InfraSuite Device Master Path Traversal

In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution...

Delta Electronics InfraSuite Device Master Device-Gateway Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Device-Gateway service, which listens on TCP port 3100 by...

Delta Electronics InfraSuite Device Master UploadMedia Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is required to exploit this vulnerability. The specific flaw exists within the UploadMedia function. The issue results from the lack of prop...

Delta Electronics InfraSuite Device Master RunScript Exposed Dangerous Method Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RunScript method. The issue results from an exposed...

Delta Electronics InfraSuite Device Master Security Vulnerability

Delta Electronics InfraSuite Device Master is a device used to simplify and automate the monitoring of critical equipment from Delta Electronics Taiwan, China. A security vulnerability exists in Delta Electronics InfraSuite Device Master v.1.0.7 and prior versions that originated from a...

CVE-2023-30765

​Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contain improper access controls that could allow an attacker to alter privilege management configurations, resulting in privilege escalation...

Code injection

?Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contains classes that cannot be deserialized, which could allow an attack to remotely execute arbitrary code...

CVE-2023-34347 ​Delta Electronics InfraSuite Device Master Deserialization of Untrusted Data

​Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contains classes that cannot be deserialized, which could allow an attack to remotely execute arbitrary code...

CVE-2023-34347 ​Delta Electronics InfraSuite Device Master Deserialization of Untrusted Data

​Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contains classes that cannot be deserialized, which could allow an attack to remotely execute arbitrary code...

PT-2023-22964 · Delta Electronics · Infrasuite Device Master

Name of the Vulnerable Software and Affected Versions: Delta Electronics InfraSuite Device Master versions prior to 1.0.7 Description: The issue is related to improper access controls that could allow an attacker to alter privilege management configurations, resulting in privilege escalation...

CISA Releases Nine Industrial Control Systems Advisories

CISA released nine Industrial Control Systems ICS advisories on June 29, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-180-01 Delta Electronics InfraSuite Device Master ICSA-23-180-02 Schneider Electric...

Metasploit Weekly Wrap-Up

MOVEit It has been a busy few weeks in the security space; the MOVEit vulnerability filling our news feeds with dancing lemurs and a Barracuda vulnerability that has us all wondering how many shredders out there can handle a 1U appliance. Despite those very worthwhile distractions, Metasploit has...

Delta Electronics InfraSuite Device Master Deserialization

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Delta Electronics InfraSuite Device Master Deserialization', 'Description' = %q Delta Electronics InfraSuite Device Master versions below v1.0.5...