Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-DataCollect service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon deserialization.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-07 | Third Party Advisory US Government Resource |
Configurations
History
07 Nov 2023, 03:52
Type | Values Removed | Values Added |
---|---|---|
Summary | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-DataCollect service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon deserialization. |
23 Jan 2023, 18:28
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:deltaww:infrasuite_device_master:*:*:*:*:*:*:*:* | |
First Time |
Deltaww
Deltaww infrasuite Device Master |
|
References | (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-07 - Third Party Advisory, US Government Resource | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
13 Jan 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-13 00:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-41778
Mitre link : CVE-2022-41778
CVE.ORG link : CVE-2022-41778
JSON object : View
Products Affected
deltaww
- infrasuite_device_master
CWE
CWE-502
Deserialization of Untrusted Data