Description

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation.

Related CPE's

a

deltaww

infrasuite_device_master

Vulnerable

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-02

Third Party AdvisoryUS Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-02

Third Party AdvisoryUS Government Resource

Weaknesses

[email protected]

Primary
CWE-22

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-03-27T13:15:08.000Z

2 years ago

Last modified

2024-11-21T06:38:32.363Z

1 year ago