CVE-2023-1134
CVE-2023-1134

7.1HIGH

Key Information:

Vendor: Delta Electronics
Status: Infrasuite Device Master
Vendor: CVE Published:; 27 March 2023

Summary

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are susceptible to a path traversal vulnerability. This flaw may enable attackers to access local files, potentially exposing sensitive information such as plaintext credentials. Furthermore, it could facilitate privilege escalation, providing unauthorized access to sensitive functionalities within the device.

Affected Version(s)

InfraSuite Device Master 0 < 1.0.5

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-0...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 27, 2023
Vulnerability Reserved
Mar 1, 2023