Published: 27/03/2023 Updated: 07/11/2023

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

Delta Electronics InfraSuite Device Master versions before 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. The service accepts the unverified UDP packets and deserializes the content, which could allow an unauthenticated malicious user to remotely execute arbitrary code.

Vulnerable Product	Search on Vulmon	Subscribe to Product
deltaww infrasuite device master

Check Point Reference: CPAI-2023-0933 Date Published: 23 Oct 2023 Severity: High ...

Delta Electronics InfraSuite Device Master versions below 105 have an unauthenticated NET deserialization vulnerability within the ParseUDPPacket() method of the Device-Gateway-Status process The ParseUDPPacket() method reads user-controlled packet data and eventually calls BinaryFormatterDeserialize() on what it determines to be the packet he ...

CWE-502 https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-02 http://packetstormsecurity.com/files/172799/Delta-Electronics-InfraSuite-Device-Master-Deserialization.html https://nvd.nist.gov https://packetstormsecurity.com/files/172799/Delta-Electronics-InfraSuite-Device-Master-Deserialization.html https://www.zerodayinitiative.com/advisories/ZDI-23-683/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-1133

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect