CVE-2023-47279
published 2023-11-30CVE-2023-47279: In Delta Electronics InfraSuite Device Master v.1.0.7, A vulnerability exists that allows an unauthenticated attacker to disclose user information through a…
PriorityP346high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
1.12%
62.0th percentile
In Delta Electronics InfraSuite Device Master v.1.0.7, A vulnerability exists that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtain plaintext credentials, or perform NTLM relaying.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| delta_electronics | infrasuite_device_master | <= 1.0.7 | — |
| deltaww | infrasuite_device_master | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-395p-v3qv-q9fr: In Delta Electronics InfraSuite Device Master v
ghsa_unreviewed·2023-12-01
CVE-2023-47279 [HIGH] CWE-22 GHSA-395p-v3qv-q9fr: In Delta Electronics InfraSuite Device Master v
In Delta Electronics InfraSuite Device Master v.1.0.7, A vulnerability exists that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtain plaintext credentials, or perform NTLM relaying.
CISA ICS
Delta Electronics InfraSuite Device Master
cisa_ics·2023-11-28·CVSS 9.8
[CRITICAL] Delta Electronics InfraSuite Device Master
ICS Advisory
##
Delta Electronics InfraSuite Device Master
Release DateNovember 28, 2023
Alert CodeICSA-23-331-01
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Delta Electronics
- Equipment: InfraSuite Device Master
- Vulnerabilities: Path Traversal, Deserialization of Untrusted Data, Exposed Dangerous Method or Function, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to remotely execute arbitrary code and obtain plaintext credentials.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following Delta Electronics products are affected:
- InfraSuite Device Mas
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-11-30
Published