CVE-2023-1133
published 2023-03-27CVE-2023-1133: Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by…
PriorityP183critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
50.05%
98.8th percentile
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. The service accepts the unverified UDP packets and deserializes the content, which could allow an unauthenticated attacker to remotely execute arbitrary code.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| delta_electronics | infrasuite_device_master | < 1.0.5 | 1.0.5 |
| deltaww | infrasuite_device_master | < 1.0.5 | 1.0.5 |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for unexpected UDP traffic on port 10100 destined for InfraSuite Device Master hosts; any unsolicited or unauthenticated packets should be treated as suspicious. ↗
- →Alert on anomalous child processes spawned by the 'Device-Gateway-Status' process, as successful exploitation results in code execution under that process context. ↗
- →Inspect UDP payloads on port 10100 for .NET BinaryFormatter serialized object headers (magic bytes: 0x00 0x01 0x00 0x00 0x00 / NRBF format); presence of these in inbound packets is a strong indicator of exploitation attempts. ↗
- →Focus detection on the 'ParseUDPPacket()' method being invoked with externally-supplied data; network-level inspection of UDP/10100 traffic for serialized .NET objects is the primary detection surface. ↗
- ·The vulnerable service binds to UDP/10100 by default and requires no authentication, meaning any network-reachable host can trigger deserialization without credentials. ↗
- ·Affected versions are strictly below 1.0.5; ensure version checks target Delta Electronics InfraSuite Device Master < 1.0.5. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-fr93-5v56-vrf7: Delta Electronics InfraSuite Device Master versions prior to 1
ghsa_unreviewed·2023-03-27
CVE-2023-1133 [CRITICAL] CWE-502 GHSA-fr93-5v56-vrf7: Delta Electronics InfraSuite Device Master versions prior to 1
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. The service accepts the unverified UDP packets and deserializes the content, which could allow an unauthenticated attacker to remotely execute arbitrary code.
CISA ICS
Delta Electronics InfraSuite Device Master
cisa_ics·2023-03-21·CVSS 9.8
[CRITICAL] Delta Electronics InfraSuite Device Master
ICS Advisory
##
Delta Electronics InfraSuite Device Master
Release DateMarch 21, 2023
Alert CodeICSA-23-080-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Delta Electronics
- Equipment: InfraSuite Device Master
- Vulnerabilities: Deserialization of Untrusted Data, Improper Access Control, Exposed Dangerous Method or Function, Path Traversal, Improper Authentication, Command Injection, Incorrect Permission Assignment for Critical Resource, Missing Authentication for Critical Function
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to obtain access to files and credentials, escalate privileges, and remotely execute arbitrary code.
## 3.
No detection rules found.
http://packetstormsecurity.com/files/172799/Delta-Electronics-InfraSuite-Device-Master-Deserialization.htmlhttps://www.cisa.gov/news-events/ics-advisories/icsa-23-080-02http://packetstormsecurity.com/files/172799/Delta-Electronics-InfraSuite-Device-Master-Deserialization.htmlhttps://www.cisa.gov/news-events/ics-advisories/icsa-23-080-02
2023-03-27
Published