CVE-2023-1142
CVE-2023-1142

7.5HIGH

Key Information:

Vendor: Delta Electronics
Status: Infrasuite Device Master
Vendor: CVE Published:; 27 March 2023

Summary

In earlier versions of Delta Electronics InfraSuite Device Master, a potential vulnerability allows attackers to exploit URL decoding techniques. This could lead to unauthorized access to sensitive system files and credentials, undermining security measures and allowing for privilege escalation. Users are strongly advised to upgrade to version 1.0.5 or later to mitigate these risks.

Affected Version(s)

InfraSuite Device Master 0 < 1.0.5

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-0...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 27, 2023
Vulnerability Reserved
Mar 1, 2023