Delta Electronics InfraSuite Device Master Improper Access Control
CVE-2023-30765

9.8CRITICAL

Key Information:

Vendor: Delta Electronics
Status: Infrasuite Device Master
Vendor: CVE Published:; 10 July 2023

Badges

👾 Exploit Exists🟡 Public PoC

Summary

Delta Electronics InfraSuite Device Master up to version 1.0.6 is susceptible to improper access control mechanisms. This vulnerability could be exploited by attackers to manipulate privilege management configurations, leading to unauthorized privilege escalation and potential control over critical system functionalities.

Affected Version(s)

Infrasuite Device Master 0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-30765
Created by 0xfml

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-1...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Jul 19, 2023
👾
Exploit known to exist
Jul 19, 2023
Vulnerability published
Jul 10, 2023
Vulnerability Reserved
Jun 6, 2023

Credit

Piotr Bazydlo of Trend Micro’s Zero Day Initiative reported these vulnerabilities to CISA.