5 results (0.006 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are affected by a deserialization vulnerability that targets the Device-Gateway, which could allow deserialization of arbitrary .NET objects prior to authentication. Las versiones de Delta Electronics InfraSuite Device Master anteriores a 1.0.12 se ven afectadas por una vulnerabilidad de deserialización que afecta a Device-Gateway, lo que podría permitir la deserialización de objetos .NET arbitrarios antes de la autenticación. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the _gExtraInfo attribute. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-303-03 • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute arbitrary code through a single UDP packet. En Delta Electronics InfraSuite Device Master v.1.0.7, existe una vulnerabilidad que permite a un atacante no autenticado ejecutar código arbitrario a través de un único paquete UDP. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RunScript method. The issue results from an exposed dangerous method. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-01 • CWE-749: Exposed Dangerous Method or Function •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution. En Delta Electronics InfraSuite Device Master v.1.0.7, existe una vulnerabilidad que permite a un atacante escribir en cualquier archivo en cualquier ubicación del sistema de archivos, lo que podría provocar la ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is required to exploit this vulnerability. The specific flaw exists within the UploadMedia function. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-35: Path Traversal: '.../ •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute code with local administrator privileges. En Delta Electronics InfraSuite Device Master v.1.0.7, existe una vulnerabilidad que permite a un atacante no autenticado ejecutar código con privilegios de administrador local. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Device-DataCollect service, which listens on TCP port 3000 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-01 • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

In Delta Electronics InfraSuite Device Master v.1.0.7, A vulnerability exists that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtain plaintext credentials, or perform NTLM relaying. En Delta Electronics InfraSuite Device Master v.1.0.7, existe una vulnerabilidad que permite a un atacante no autenticado revelar información del usuario a través de un único paquete UDP, obtener credenciales de texto plano o realizar retransmisión NTLM. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PlayWaveFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-35: Path Traversal: '.../ •