CVE-2023-1138
CVE-2023-1138

7.5HIGH

Key Information:

Vendor: Delta Electronics
Status: Infrasuite Device Master
Vendor: CVE Published:; 27 March 2023

Summary

Delta Electronics InfraSuite Device Master versions earlier than 1.0.5 are affected by an improper access control vulnerability. This flaw allows attackers to improperly gain access to system components, enabling them to retrieve sensitive Gateway configuration files. Exploitation of this vulnerability may lead to the exposure of plaintext credentials, creating significant risks for system integrity and data confidentiality.

Affected Version(s)

InfraSuite Device Master 0 < 1.0.5

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-0...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 27, 2023
Vulnerability Reserved
Mar 1, 2023