Delta Electronics InfraSuite Device Master Deserialization of Untrusted Data
CVE-2023-34347
9.8 CRITICAL
Summary
Delta Electronics InfraSuite Device Master prior to version 1.0.7 contains classes that are not safe for deserialization. An attacker could exploit this vulnerability to execute arbitrary code remotely, which poses a significant security risk to environments that use this software. Organizations using affected versions are encouraged to upgrade to protect their systems against potential exploitation.
Affected Version(s)
InfraSuite Device Master 0
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Piotr Bazydlo (@chudypb) of Trend Micro’s Zero Day Initiative reported these vulnerabilities to CISA.