CVE-2023-47207
Published 2023-11-30
Priority P275 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 16.57% (96.6th percentile)
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute code with local administrator privileges.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| delta_electronics | infrasuite_device_master | <= 1.0.7 | — |
| deltaww | infrasuite_device_master | — | — |
Detection & IOCs (extracted from sources)
- CVE-2023-47207 is a deserialization of untrusted data vulnerability (CWE-502) in Delta Electronics InfraSuite Device Master v1.0.7 and prior, allowing unauthenticated remote code execution with local administrator privileges. Monitor for unexpected deserialization activity from unauthenticated network sources targeting this product.
- CVE-2023-39226 (related, same product/version) allows unauthenticated RCE via a single UDP packet. Monitor for anomalous UDP traffic to InfraSuite Device Master hosts, which may indicate exploitation attempts against the broader attack surface including CVE-2023-47207.
- CVE-2023-47279 (related, same product/version) allows unauthenticated disclosure of user information, plaintext credentials, or NTLM relaying via a single UDP packet. Monitor for UDP-based credential harvesting or NTLM relay attempts from InfraSuite Device Master hosts.
- No known public exploitation specifically targeting CVE-2023-47207 had been reported to CISA at the time of advisory publication (November 28, 2023).
- Affected versions are InfraSuite Device Master 1.0.7 and prior; the vendor-recommended fix is to update to v1.0.10 or later.
CISA ICS
Delta Electronics InfraSuite Device Master
cisa_ics · 2023-11-28 · CVSS 9.8
[CRITICAL] Delta Electronics InfraSuite Device Master
ICS Advisory
## Delta Electronics InfraSuite Device Master
Release Date: November 28, 2023
Alert Code: ICSA-23-331-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Delta Electronics
- Equipment: InfraSuite Device Master
- Vulnerabilities: Path Traversal, Deserialization of Untrusted Data, Exposed Dangerous Method or Function, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to remotely execute arbitrary code and obtain plaintext credentials.
## 3. TECHNICAL DETAILS
### 3.1 AFFECTED PRODUCTS
The following Delta Electronics products are affected:
- InfraSuite Device Mas
GHSA
GHSA-p4c2-74w6-prrq: In Delta Electronics InfraSuite Device Master v
ghsa_unreviewed · 2023-12-01
CVE-2023-47207 [CRITICAL] CWE-502 GHSA-p4c2-74w6-prrq: In Delta Electronics InfraSuite Device Master v
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute code with local administrator privileges.
No detection rules found.
No public exploits indexed.