CVE-2023-1145

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.
References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-02 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:deltaww:infrasuite_device_master:*:*:*:*:*:*:*:*

History

07 Nov 2023, 04:02

Type Values Removed Values Added
Summary Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution. Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.

30 Mar 2023, 19:48

Type Values Removed Values Added
CWE CWE-502
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
References (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-02 - (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-02 - Third Party Advisory, US Government Resource
CPE cpe:2.3:a:deltaww:infrasuite_device_master:*:*:*:*:*:*:*:*
First Time Deltaww infrasuite Device Master
Deltaww

27 Mar 2023, 17:04

Type Values Removed Values Added
New CVE

Information

Published : 2023-03-27 15:15

Updated : 2023-12-10 15:01


NVD link : CVE-2023-1145

Mitre link : CVE-2023-1145

CVE.ORG link : CVE-2023-1145


JSON object : View

Products Affected

deltaww

  • infrasuite_device_master
CWE
CWE-502

Deserialization of Untrusted Data