EUVD-2023-23428

Malicious code in bioql PyPI...

Delta Electronics InfraSuite Device Master Device-DataCollect Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Device-DataCollect service, which listens on TCP port 300...

CVE-2023-1145

Delta Electronics InfraSuite Device Master (Linux/Windows real-time device monitoring software) versions prior to 1.0.5 are affected by a deserialization vulnerability in the Device-DataCollect service that can deserialize requests before authentication, enabling remote code execution. The issue,...

CVE-2022-41778

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-DataCollect service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon deserialization...

PT-2022-26068 · Delta Electronics · Infrasuite Device Master

Name of the Vulnerable Software and Affected Versions: Delta Electronics InfraSuite Device Master versions 00.00.01a and prior Description: The issue allows an attacker to execute arbitrary code by providing malicious serialized objects through the Device-DataCollect service port without proper...