Lucene search
+L

295 matches found

OSV
OSV
added 2023/07/10 7:15 p.m.5 views

CVE-2023-34347

​Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contains classes that cannot be deserialized, which could allow an attack to remotely execute arbitrary code...

9.8CVSS6AI score0.00951EPSS
Exploits0References1
Prion
Prion
added 2023/07/10 7:15 p.m.16 views

Code injection

?Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contains classes that cannot be deserialized, which could allow an attack to remotely execute arbitrary code...

7.5CVSS9.6AI score0.00951EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/07/10 7:4 p.m.65 views

CVE-2023-30765

CVE-2023-30765 concerns Delta Electronics InfraSuite Device Master, prior to version 1.0.7, with improper access controls that could allow an attacker to alter privilege management configurations and escalate privileges. Connected sources confirm the affected product and root cause (improper acce...

9.8CVSS9.2AI score0.01967EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/07/10 7:1 p.m.42 views

CVE-2023-34316

Delta Electronics InfraSuite Device Master (versions prior to 1.0.7) is affected by CVE-2023-34316 (Improper Access Control). The vulnerability could allow an attacker to bypass patches and retrieve file contents due to insufficient access control on the device. Delta Electronics has provided a f...

7.5CVSS7AI score0.00615EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/07/10 7:1 p.m.24 views

CVE-2023-34316 Delta Electronics InfraSuite Device Master Improper Access Control

​An attacker could bypass the latest Delta Electronics InfraSuite Device Master versions prior to 1.0.7 patch, which could allow an attacker to retrieve file contents...

6.5CVSS7.7AI score0.00615EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/07/10 6:59 p.m.14 views

CVE-2023-34347 ​Delta Electronics InfraSuite Device Master Deserialization of Untrusted Data

​Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contains classes that cannot be deserialized, which could allow an attack to remotely execute arbitrary code...

9.8CVSS7.4AI score0.00951EPSS
Exploits0References1
CVE
CVE
added 2023/07/10 6:59 p.m.55 views

CVE-2023-34347

Delta Electronics InfraSuite Device Master is affected by CVE-2023-34347. Versions prior to 1.0.7 contain classes that cannot be deserialized, enabling remote code execution via deserialization of untrusted data. The vulnerability affects the Device Master’s deserialization mechanism and is corro...

9.8CVSS9.7AI score0.00951EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/07/10 12:0 a.m.7 views

Delta Electronics InfraSuite Device Master 代码问题漏洞

Delta Electronics InfraSuite Device Master is a device used to simplify and automate critical device monitoring by Delta Electronics of Taiwan, China. A code issue vulnerability exists in Delta Electronics InfraSuite Device Master versions prior to 1.0.7 that stems from the inclusion of classes...

9.8CVSS8.8AI score0.00951EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/07/10 12:0 a.m.5 views

Delta Electronics InfraSuite Device Master 访问控制错误漏洞

Delta Electronics InfraSuite Device Master is a device used to simplify and automate the monitoring of critical equipment from Delta Electronics, Taiwan, China. An access control error vulnerability exists in Delta Electronics InfraSuite Device Master versions prior to 1.0.7. An attacker could...

7.5CVSS7.4AI score0.00615EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2023/07/10 12:0 a.m.23 views

Delta Electronics InfraSuite Device Master APRunning Improper Access Control Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Electronics InfraSuite Device Master. Authentication is required to exploit this vulnerability. The specific flaw exists within the gateway endpoint, which listens on TCP ports 80 and 4...

6.5CVSS6.2AI score0.00615EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/07/10 12:0 a.m.8 views

Delta Electronics InfraSuite Device Master 访问控制错误漏洞

Delta Electronics InfraSuite Device Master is a device used to simplify and automate critical device monitoring by Delta Electronics of Taiwan, China. An Access Control Error vulnerability exists in Delta Electronics InfraSuite Device Master versions prior to 1.0.7 that stems from incorrect acces...

9.8CVSS8.4AI score0.01967EPSS
Exploits1References2
Zero Day Initiative
Zero Day Initiative
added 2023/07/10 12:0 a.m.17 views

Delta Electronics InfraSuite Device Master modifyusergroup Improper Access Control Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Delta Electronics InfraSuite Device Master. Authentication is required to exploit this vulnerability. The specific flaw exists within the modifyusergroup endpoint. The issue results from improper access...

8.8CVSS6.7AI score0.01967EPSS
Exploits1References1
ICS
ICS
added 2023/06/29 6:0 a.m.51 views

Delta Electronics InfraSuite Device Master

1. EXECUTIVE SUMMARY ​CVSS v3 7.8 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Delta Electronics ​Equipment: InfraSuite Device Master ​Vulnerabilities: Improper Access Control, Deserialization of Untrusted Data 2. RISK EVALUATION ​Successful exploitation of these...

9.8CVSS9.6AI score0.01967EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2023/06/29 12:0 a.m.9 views

PT-2023-8742 · Delta Electronics · Infrasuite Device Master

Name of the Vulnerable Software and Affected Versions: Delta Electronics InfraSuite Device Master versions prior to 1.0.7 Description: The issue is related to a deserialization mechanism flaw in Delta Electronics InfraSuite Device Master, which could allow a remote attacker to execute arbitrary...

9.8CVSS9.5AI score0.00951EPSS
Exploits0References8
Metasploit
Metasploit
added 2023/06/08 7:50 p.m.298 views

Delta Electronics InfraSuite Device Master Deserialization

Delta Electronics InfraSuite Device Master versions below v1.0.5 have an unauthenticated .NET deserialization vulnerability within the 'ParseUDPPacket' method of the 'Device-Gateway-Status' process. The 'ParseUDPPacket' method reads user-controlled packet data and eventually calls...

9.8CVSS9.4AI score0.5005EPSS
Exploits3
0day.today
0day.today
added 2023/06/08 12:0 a.m.374 views

Delta Electronics InfraSuite Device Master Deserialization Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Delta Electronics InfraSuite Device Master Deserialization', 'Description' = %q Delta Electronics InfraSuite Device Master versions below v1.0.5...

9.8CVSS9.2AI score0.5005EPSS
Exploits3
Zero Day Initiative
Zero Day Initiative
added 2023/05/17 12:0 a.m.22 views

Delta Electronics InfraSuite Device Master CtrlLayerNWCmd_ReportFileOperation Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Electronics InfraSuite Device Master. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...

6.5CVSS6.3AI score0.00659EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2023/05/17 12:0 a.m.19 views

Delta Electronics InfraSuite Device Master APRunning Improper Access Control Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Electronics InfraSuite Device Master. Authentication is required to exploit this vulnerability. The specific flaw exists within the gateway endpoint, which listens on TCP ports 80 and 4...

6.5CVSS6.2AI score0.0055EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2023/05/17 12:0 a.m.22 views

Delta Electronics InfraSuite Device Master ActionExeScriptString Exposed Dangerous Function Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within t...

8.8CVSS7.5AI score0.00835EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2023/05/17 12:0 a.m.28 views

Delta Electronics InfraSuite Device Master Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebServerCallBack function. The issue results fro...

7.5CVSS6.1AI score0.0109EPSS
Exploits0References1
Rows per page
Query Builder