Deltaww Infrasuite Device Master vulnerabilities
31 known vulnerabilities affecting deltaww/infrasuite_device_master.
Total CVEs
31
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL13HIGH18
Vulnerabilities
Page 2 of 2
CVE-2023-1144P3HIGHCVSS 8.8fixed in 1.0.52023-03-27
CVE-2023-1144 [HIGH] CWE-863 CVE-2023-1144: Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access contr
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation.
nvd
CVE-2022-41644P3HIGHCVSS 8.8fixed in 00.00.02a2022-10-31
CVE-2022-41644 [HIGH] CWE-306 CVE-2022-41644: Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lacks authentication for
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lacks authentication for a function that changes group privileges. An attacker could use this to create a denial-of-service state or escalate their own privileges.
nvd
CVE-2023-1134P3HIGHCVSS 8.8fixed in 1.0.52023-03-27
CVE-2023-1134 [HIGH] CWE-22 CVE-2023-1134: Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a path traversal
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a path traversal vulnerability, which could allow an attacker to read local files, disclose plaintext credentials, and escalate privileges.
nvd
CVE-2023-1136P3HIGHCVSS 7.5fixed in 1.0.52023-03-27
CVE-2023-1136 [HIGH] CWE-863 CVE-2023-1136: In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an unauthenticated attacker c
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an unauthenticated attacker could generate a valid token, which would lead to authentication bypass.
nvd
CVE-2023-47279P3HIGHCVSS 7.5v1.0.72023-11-30
CVE-2023-47279 [HIGH] CWE-22 CVE-2023-47279: In Delta Electronics InfraSuite Device Master v.1.0.7, A vulnerability exists that allows an unauthe
In Delta Electronics InfraSuite Device Master v.1.0.7, A vulnerability exists that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtain plaintext credentials, or perform NTLM relaying.
nvd
CVE-2022-41688P3HIGHCVSS 7.5fixed in 00.00.02a2022-10-31
CVE-2022-41688 [HIGH] CWE-306 CVE-2022-41688: Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authentication to create a new user and add them to the administrator group.
nvd
CVE-2023-1138P3HIGHCVSS 7.5fixed in 1.0.52023-03-27
CVE-2023-1138 [HIGH] CVE-2023-1138: Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain an improper access contro
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain an improper access control vulnerability, which could allow an attacker to retrieve Gateway configuration files to obtain plaintext credentials.
nvd
CVE-2022-41776P3HIGHCVSS 7.5fixed in 00.00.02a2022-10-31
CVE-2022-41776 [HIGH] CWE-306 CVE-2022-41776: Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to trigger the WriteConfiguration method, which could allow an attacker to provide new values for user configuration files such as UserListInfo.xml. This could lead to the changing of administrative passwords.
nvd
CVE-2023-1145P3HIGHCVSS 7.8fixed in 1.0.52023-03-27
CVE-2023-1145 [HIGH] CWE-502 CVE-2023-1145: Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserial
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.
nvd
CVE-2023-34316P3HIGHCVSS 7.5fixed in 1.0.72023-07-10
CVE-2023-34316 [HIGH] CWE-552 CVE-2023-34316: An attacker could bypass the latest Delta Electronics InfraSuite Device Master (versions prior to 1
An attacker could bypass the latest Delta Electronics InfraSuite Device Master (versions prior to 1.0.7) patch, which could allow an attacker to retrieve file contents.
nvd
CVE-2023-1135P3HIGHCVSS 7.8fixed in 1.0.52023-03-27
CVE-2023-1135 [HIGH] CWE-732 CVE-2023-1135: In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an a
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could set incorrect directory permissions, which could result in local privilege escalation.
nvd
← Previous2 / 2