Lucene search
K

295 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:58 a.m.20 views

CVE-2023-1136

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an unauthenticated attacker could generate a valid token, which would lead to authentication bypass...

9.8CVSS7.1AI score0.00736EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:58 a.m.7 views

CVE-2023-1143

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code...

8.8CVSS7.3AI score0.00835EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:58 a.m.5 views

CVE-2023-1134

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a path traversal vulnerability, which could allow an attacker to read local files, disclose plaintext credentials, and escalate privileges...

8.8CVSS6.6AI score0.00659EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:58 a.m.4 views

CVE-2023-1138

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain an improper access control vulnerability, which could allow an attacker to retrieve Gateway configuration files to obtain plaintext credentials...

7.5CVSS6.8AI score0.00571EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:55 a.m.3 views

CVE-2023-0444

A privilege escalation vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.02a. A default user 'User', which is in the 'Read Only User' group, can view the password of another default user 'Administrator', which is in the 'Administrator' group. This allows any lower privilege...

8.8CVSS8.7AI score0.00992EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:33 a.m.5 views

CVE-2023-1137

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which a low-level user could extract files and plaintext credentials of administrator users, resulting in privilege escalation...

8.8CVSS6.8AI score0.0055EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:33 a.m.7 views

CVE-2023-1139

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-gateway service, which could allow deserialization of requests prior to authentication, resulting in remote code execution...

8.8CVSS7.6AI score0.01255EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:33 a.m.4 views

CVE-2023-1144

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation...

8.8CVSS6.9AI score0.00645EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/06 12:13 a.m.10 views

CVE-2022-38142

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-Gateway service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon deserialization...

9.8CVSS7.7AI score0.18212EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 11:49 p.m.9 views

CVE-2022-41772

Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior mishandle .ZIP archives containing characters used in path traversal. This path traversal could result in remote code execution...

9.8CVSS7.7AI score0.24945EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 11:46 p.m.22 views

CVE-2022-41657

Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker provided data already serialized into memory to be used in file operation application programmable interfaces APIs. This could create arbitrary files, which could be used in API operations and could ultimately...

9.8CVSS7.6AI score0.20898EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 11:43 p.m.10 views

CVE-2022-41644

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lacks authentication for a function that changes group privileges. An attacker could use this to create a denial-of-service state or escalate their own privileges...

8.8CVSS7.2AI score0.00686EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 11:41 p.m.10 views

CVE-2022-41778

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-DataCollect service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon deserialization...

9.8CVSS7.7AI score0.01035EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 11:35 p.m.10 views

CVE-2022-41629

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to access the aprunning endpoint, which could allow an attacker to retrieve any file from the “RunningConfigs” directory. The attacker could then view and modify configuration files such as...

9.1CVSS6.8AI score0.00589EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/11/06 12:0 a.m.13 views

Delta Electronics InfraSuite Device Master _gExtraInfo Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the gExtraInfo attribute. The issue results...

9.8CVSS7.4AI score0.177EPSS
Exploits0References1
NVD
NVD
added 2024/10/30 6:15 p.m.11 views

CVE-2024-10456

Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are affected by a deserialization vulnerability that targets the Device-Gateway, which could allow deserialization of arbitrary .NET objects prior to authentication...

9.8CVSS0.177EPSS
Exploits0References1
CVE
CVE
added 2024/10/30 6:4 p.m.43 views

CVE-2024-10456

Delta Electronics InfraSuite Device Master is affected in versions prior to 1.0.12 by a deserialization vulnerability in the Device-Gateway that can deserialize arbitrary .NET objects before authentication, enabling remote code execution. Affected product: InfraSuite Device Master (1.0.12 and ear...

9.8CVSS9.6AI score0.177EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/30 6:4 p.m.17 views

CVE-2024-10456 Delta Electronics InfraSuite Device Master Deserialization of Untrusted Data

Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are affected by a deserialization vulnerability that targets the Device-Gateway, which could allow deserialization of arbitrary .NET objects prior to authentication...

9.8CVSS7AI score0.177EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/30 12:0 a.m.7 views

Delta Electronics InfraSuite Device Master 代码问题漏洞

Delta Electronics InfraSuite Device Master is a device used to simplify and automate the monitoring of critical devices from Delta Electronics China. A code issue vulnerability exists in Delta Electronics InfraSuite Device Master version 1.0.12 and earlier, which stems from being affected by a...

9.8CVSS7.9AI score0.177EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/30 12:0 a.m.6 views

PT-2024-16296 · Delta Electronics · Infrasuite Device Master

Name of the Vulnerable Software and Affected Versions: Delta Electronics InfraSuite Device Master versions prior to 1.0.12 Description: The issue is a deserialization vulnerability that targets the Device-Gateway, allowing deserialization of arbitrary .NET objects prior to authentication. This...

9.8CVSS7.9AI score0.177EPSS
Exploits0References6
Rows per page
Query Builder