Lucene search
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day InitiativeZDI-23-906HistoryJul 10, 2023 - 12:00 a.m.
Delta Electronics InfraSuite Device Master Device-Gateway Deserialization of Untrusted Data Remote Code Execution Vulnerability
2023-07-1000:00:00
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
www.zerodayinitiative.com
5
remote code execution
delta electronics
infrasuite
device-gateway
tcp port 3100
untrusted data
administrator context
0.001 Low
EPSS
Percentile
47.6%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Device-Gateway service, which listens on TCP port 3100 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of an administrator.
Related
prion
prion
Code injection
2023-07-10 19:15:00
cvelist
cvelist
nvd
nvd
CVE-2023-34347
2023-07-10 19:15:09
cve
cve
CVE-2023-34347
2023-07-10 19:15:09
ics
ics
Delta Electronics InfraSuite Device Master
2023-06-29 12:00:00