Delta Electronics InfraSuite Device Master Improper Access Control
CVE-2023-34316

7.5HIGH

Key Information:

Vendor: Delta Electronics
Status: Infrasuite Device Master
Vendor: CVE Published:; 10 July 2023

Summary

The vulnerability in Delta Electronics InfraSuite Device Master allows attackers to bypass recent patches in versions earlier than 1.0.7, potentially enabling unauthorized access to sensitive file contents. This oversight presents a significant risk to organizations utilizing the affected software, as attackers could exploit this flaw to extract confidential information.

Affected Version(s)

Infrasuite Device Master 0

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-1...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 10, 2023
Vulnerability Reserved
Jun 6, 2023

Credit

Piotr Bazydlo of Trend Micro’s Zero Day Initiative reported these vulnerabilities to CISA.