CVE-2023-46690
published 2023-11-30CVE-2023-46690: In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem…
PriorityP357high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.53%
71.6th percentile
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| delta_electronics | infrasuite_device_master | <= 1.0.7 | — |
| deltaww | infrasuite_device_master | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Delta Electronics InfraSuite Device Master
cisa_ics·2023-11-28·CVSS 9.8
[CRITICAL] Delta Electronics InfraSuite Device Master
ICS Advisory
##
Delta Electronics InfraSuite Device Master
Release DateNovember 28, 2023
Alert CodeICSA-23-331-01
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Delta Electronics
- Equipment: InfraSuite Device Master
- Vulnerabilities: Path Traversal, Deserialization of Untrusted Data, Exposed Dangerous Method or Function, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to remotely execute arbitrary code and obtain plaintext credentials.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following Delta Electronics products are affected:
- InfraSuite Device Mas
GHSA
GHSA-3x3c-pjw5-pjr2: In Delta Electronics InfraSuite Device Master v
ghsa_unreviewed·2023-12-01
CVE-2023-46690 [HIGH] CWE-22 GHSA-3x3c-pjw5-pjr2: In Delta Electronics InfraSuite Device Master v
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-11-30
Published