Description


In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation.

Related CPE's


References


https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-02

Third Party AdvisoryUS Government Resource

Weaknesses



CWE-22

CVSS impact metrics


CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information


Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-03-27T15:15:08.000

2 years ago

Last modified

2023-11-07T04:02:37.760

1 year ago