Delta Industrial Automation InfraSuite Device Master ModifyPrivByID Missing Authentication Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges or create a denial-of-service condition on affected installations of Delta Industrial Automation InfraSuite Device Master. Authentication is not required to create a denial-of-service condition. Authentication is required to achieve privilege escalation. The specific flaw exists within the ModifyPrivByID function. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user or to create a denial-of-service condition on system.