CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46690 – Delta Electronics InfraSuite Device Master Path Traversal
https://notcve.org/view.php?id=CVE-2023-46690
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution. En Delta Electronics InfraSuite Device Master v.1.0.7, existe una vulnerabilidad que permite a un atacante escribir en cualquier archivo en cualquier ubicación del sistema de archivos, lo que podría provocar la ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is required to exploit this vulnerability. The specific flaw exists within the UploadMedia function. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-35: Path Traversal: '.../ •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47207 – Delta Electronics InfraSuite Device Master Deserialization of Untrusted Data
https://notcve.org/view.php?id=CVE-2023-47207
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute code with local administrator privileges. En Delta Electronics InfraSuite Device Master v.1.0.7, existe una vulnerabilidad que permite a un atacante no autenticado ejecutar código con privilegios de administrador local. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Device-DataCollect service, which listens on TCP port 3000 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-01 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47279 – Delta Electronics InfraSuite Device Master Path Traversal
https://notcve.org/view.php?id=CVE-2023-47279
In Delta Electronics InfraSuite Device Master v.1.0.7, A vulnerability exists that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtain plaintext credentials, or perform NTLM relaying. En Delta Electronics InfraSuite Device Master v.1.0.7, existe una vulnerabilidad que permite a un atacante no autenticado revelar información del usuario a través de un único paquete UDP, obtener credenciales de texto plano o realizar retransmisión NTLM. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PlayWaveFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-35: Path Traversal: '.../ •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5461 – Delta Electronics WPLSoft Modbus cleartext transmission
https://notcve.org/view.php?id=CVE-2023-5461
A vulnerability was found in Delta Electronics WPLSoft 2.51. It has been classified as problematic. Affected is an unknown function of the component Modbus Handler. The manipulation leads to cleartext transmission of sensitive information. It is possible to launch the attack remotely. • https://drive.google.com/drive/folders/17nBJt3tejqipE_L-lMEhYXeGhG0eii-_ https://vuldb.com/?ctiid.241584 https://vuldb.com/?id.241584 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5460 – Delta Electronics WPLSoft Modbus Data Packet heap-based overflow
https://notcve.org/view.php?id=CVE-2023-5460
A vulnerability was found in Delta Electronics WPLSoft up to 2.51 and classified as problematic. This issue affects some unknown processing of the component Modbus Data Packet Handler. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241583. • https://drive.google.com/drive/folders/1oYxs_KxK4Ftd7OsexGk6upkxhJ3-m8M3 https://vuldb.com/?ctiid.241583 https://vuldb.com/?id.241583 • CWE-122: Heap-based Buffer Overflow •