Deserialization Vulnerability in Delta Electronics InfraSuite Device Master
CVE-2022-41778
9.8 CRITICAL
Summary
Delta Electronics InfraSuite Device Master versions 00.00.01a and earlier contain a deserialization vulnerability in the Device-DataCollect service. The service deserializes user-supplied data without adequate checks, so an attacker who sends specially crafted data can cause malicious objects to be deserialized, potentially resulting in arbitrary code execution. Organizations using the affected versions should review their security measures and apply the necessary updates to mitigate the risk.
Affected Version(s)
InfraSuite Device Master 0 <= 00.00.01a
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
kimiya
Trend Micro Zero Day Initiative