Delta Electronics InfraSuite Device Master Deserialization of Untrusted Data
CVE-2023-47207

9.8CRITICAL

Key Information:

Vendor: Delta Electronics
Status: InfraSuite Device Master
Vendor: CVE Published:; 30 November 2023

Summary

A vulnerability in Delta Electronics InfraSuite Device Master v.1.0.7 allows unauthenticated attackers to execute arbitrary code with local administrator privileges. This flaw poses a serious threat as it can lead to unauthorized control over affected devices, compromising their functionality and security. Organizations utilizing this software should prioritize patching to mitigate risks associated with potential exploits.

Affected Version(s)

InfraSuite Device Master 0 <= 1.0.7

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-3...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 30, 2023
Vulnerability Reserved
Nov 15, 2023

Credit

hir0ot and Piotr Bazydlo (@chudypb) working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.