Lucene search
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day InitiativeZDI-23-676HistoryMay 17, 2023 - 12:00 a.m.
Delta Electronics InfraSuite Device Master ActionExeScriptString Exposed Dangerous Function Remote Code Execution Vulnerability
2023-05-1700:00:00
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
www.zerodayinitiative.com
9
vulnerability
remote code execution
delta electronics infrasuite device master
arbitrary code
authentication bypass
dangerous function
administrator context.
EPSS
0.001
Percentile
48.8%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ActionExeScriptString function. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to execute code in the context of an administrator.
Related
cvelist
cvelist
CVE-2023-1143 CVE-2023-1143
2023-03-27 14:46:20
nvd
nvd
CVE-2023-1143
2023-03-27 15:15:08
cve
cve
CVE-2023-1143
2023-03-27 15:15:08
cnvd
cnvd
Delta Electronics InfraSuite Device Master has an unspecified vulnerability
2023-03-29 00:00:00
prion
prion
Code injection
2023-03-27 15:15:00
ics
ics
Delta Electronics InfraSuite Device Master
2023-03-21 12:00:00