CVE-2022-41644
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack authentication for a function that changes group privileges. An attacker could use this to create a denial-of-service state or escalate their own privileges...
CVE-2022-41688
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authentication to create a new user and add them to th...
CVE-2022-41688
Delta Electronics InfraSuite Device Master prior to 1.0.3 is affected by a missing authentication vulnerability in critical functions that create/modify user groups (notably the AddNewUser path). The root cause involves unauthenticated execution of operations that can create a new user and grant ...
CVE-2022-40202
CVE-2022-40202 affects Delta Electronics InfraSuite Device Master (versions 00.00.01a and prior). The issue is due to unauthenticated deserialization of user-controlled data that allows triggering a backup scheduling function, which can execute arbitrary files/arguments and enable remote code exe...
CVE-2022-40202
The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication. An attacker could provide malicious serialized objects which, when deserialized, could activate an opcode for a backup scheduling function without authentication...
CVE-2022-41772
Delta Electronics InfraSuite Device Master is affected by CVE-2022-41772: versions 00.00.01a and prior mishandle .ZIP archives with path traversal, enabling remote code execution. The issue arises from improper handling of ZIP content during extraction. Public advisories (CISA ICS, Red Hat, ZDI) ...
CVE-2022-41772
Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior mishandle .ZIP archives containing characters used in path traversal. This path traversal could result in remote code execution...
CVE-2022-41657
Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker-provided data already serialized into memory to be used in file operation application programming interfaces (APIs). This could create arbitrary files, which could be used in API operations and could ultimately...
CVE-2022-41657
Delta Electronics InfraSuite Device Master (versions 00.00.01a and earlier) is affected by multiple CVEs describing an in-memory deserialization/vector issue in file operation APIs that can lead to arbitrary file creation and remote code execution. ZDI advisories for CtrlLayerNWCmd_FileOperation ...
CVE-2022-41779
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize network packets without proper verification. If the device connects to an attacker-controlled server, the attacker could send maliciously crafted packets that would be deserialized and executed, leading to remote...
CVE-2022-41779
Delta Electronics InfraSuite Device Master is affected by CVE-2022-41779. The issue is a deserialization of untrusted data in network packets that can be received from an attacker-controlled server, enabling remote code execution on versions 00.00.01a and prior. Evidence across sources confirms t...
CVE-2022-38142
CVE-2022-38142 affects Delta Electronics InfraSuite Device Master, versions 00.00.01a and prior. The vulnerability arises from deserialization of untrusted data received through the Device-DataCollect/Device-Gateway interfaces, with the ZDI advisory noting a lack of proper validation on the port ...
CVE-2022-38142
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-Gateway service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon deserialization...
Delta Electronics DIAEnergie SQL Injection (CVE-2022-1366)
An SQL injection exists in Delta Industrial Automation DIAEnergie. The vulnerability is due to insufficient input validation when processing requests...