Lucene search
KimiyaZDI-22-1482HistoryOct 27, 2022 - 12:00 a.m.
Delta Industrial Automation InfraSuite Device Master CtrlLayerNWCmd_FileOperation Directory Traversal Arbitrary File Deletion Vulnerability
2022-10-2700:00:00
kimiya
www.zerodayinitiative.com
7
industrial automation
infrasuite
device master
ctrllayernwcmd_fileoperation
directory traversal
arbitrary file deletion
remote attackers
authentication
vulnerability
administrator context
EPSS
0.004
Percentile
73.0%
This vulnerability allows remote attackers to delete arbitrary files on affected installations of Delta Industrial Automation InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CtrlLayerNWCmd_FileOperation function. When parsing the fileName element, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of an administrator.
Related
nvd
nvd
CVE-2022-41657
2022-10-31 20:15:13
zdi
zdi
Delta Electronics InfraSuite Device Master CtrlLayerNWCmd_FileOperation Opcode 512 Directory Traversal Remote Code Execution Vulnerability
2023-01-18 00:00:00
prion
prion
Remote code execution
2022-10-31 20:15:00
cvelist
cvelist
CVE-2022-41657
2022-10-31 19:24:37
cve
cve
CVE-2022-41657
2022-10-31 20:15:13
ics
ics
Delta Electronics InfraSuite Device Master (Update A)
2023-01-18 12:00:00