Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-Gateway service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon deserialization.
References
| Link | Resource |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-07 | Patch Third Party Advisory US Government Resource |
Configurations
History
07 Nov 2023, 03:50
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-Gateway service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon deserialization. |
02 Nov 2022, 12:58
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Deltaww
Deltaww infrasuite Device Master |
|
| References | (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-07 - Patch, Third Party Advisory, US Government Resource | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
| CPE | cpe:2.3:a:deltaww:infrasuite_device_master:*:*:*:*:*:*:*:* |
31 Oct 2022, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-10-31 20:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-38142
Mitre link : CVE-2022-38142
CVE.ORG link : CVE-2022-38142
JSON object : View
Products Affected
deltaww
- infrasuite_device_master
CWE
CWE-502
Deserialization of Untrusted Data