CVE-2023-39226
Published 2023-11-30
Priority: P265 · critical · CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.18% (63.6th percentile)
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute arbitrary code through a single UDP packet.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| delta_electronics | infrasuite_device_master | <= 1.0.7 | — |
| deltaww | infrasuite_device_master | — | — |
Detection & IOCs
- CVE-2023-39226 is exploitable via a single UDP packet sent to Delta Electronics InfraSuite Device Master; monitor for unexpected UDP traffic targeting the service port of InfraSuite Device Master as a potential exploitation attempt.
- No authentication is required to trigger the vulnerability (CWE-749: Exposed Dangerous Method or Function); any unauthenticated UDP connection to the InfraSuite Device Master service should be treated as suspicious and alerted on.
- Affected product version is InfraSuite Device Master 1.0.7 and prior; presence of these versions on the network indicates an unpatched, exploitable target.
- The vulnerability class is CWE-749 (Exposed Dangerous Method or Function) delivered over UDP with no authentication required; exploitation requires only network reachability to the service: no credentials, no prior session.
- No known public exploitation or proof-of-concept has been reported to CISA at the time of advisory publication, limiting available concrete IOCs (hashes, IPs, domains).
GHSA
GHSA-9vr4-q3ch-rj27: In Delta Electronics InfraSuite Device Master v
ghsa_unreviewed·2023-12-01
CVE-2023-39226 [CRITICAL] CWE-749 GHSA-9vr4-q3ch-rj27: In Delta Electronics InfraSuite Device Master v
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute arbitrary code through a single UDP packet.
CISA ICS
Delta Electronics InfraSuite Device Master
cisa_ics·2023-11-28·CVSS 9.8
[CRITICAL] Delta Electronics InfraSuite Device Master
ICS Advisory
## Delta Electronics InfraSuite Device Master
Release Date: November 28, 2023
Alert Code: ICSA-23-331-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Delta Electronics
- Equipment: InfraSuite Device Master
- Vulnerabilities: Path Traversal, Deserialization of Untrusted Data, Exposed Dangerous Method or Function, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to remotely execute arbitrary code and obtain plaintext credentials.
## 3. TECHNICAL DETAILS
### 3.1 AFFECTED PRODUCTS
The following Delta Electronics products are affected:
- InfraSuite Device Mas
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.