CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39226 – Delta Electronics InfraSuite Device Master Exposed Dangerous Method Or Function
https://notcve.org/view.php?id=CVE-2023-39226
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute arbitrary code through a single UDP packet. En Delta Electronics InfraSuite Device Master v.1.0.7, existe una vulnerabilidad que permite a un atacante no autenticado ejecutar código arbitrario a través de un único paquete UDP. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RunScript method. The issue results from an exposed dangerous method. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-01 • CWE-749: Exposed Dangerous Method or Function •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46690 – Delta Electronics InfraSuite Device Master Path Traversal
https://notcve.org/view.php?id=CVE-2023-46690
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution. En Delta Electronics InfraSuite Device Master v.1.0.7, existe una vulnerabilidad que permite a un atacante escribir en cualquier archivo en cualquier ubicación del sistema de archivos, lo que podría provocar la ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is required to exploit this vulnerability. The specific flaw exists within the UploadMedia function. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-35: Path Traversal: '.../ •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47279 – Delta Electronics InfraSuite Device Master Path Traversal
https://notcve.org/view.php?id=CVE-2023-47279
In Delta Electronics InfraSuite Device Master v.1.0.7, A vulnerability exists that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtain plaintext credentials, or perform NTLM relaying. En Delta Electronics InfraSuite Device Master v.1.0.7, existe una vulnerabilidad que permite a un atacante no autenticado revelar información del usuario a través de un único paquete UDP, obtener credenciales de texto plano o realizar retransmisión NTLM. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PlayWaveFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-35: Path Traversal: '.../ •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5461 – Delta Electronics WPLSoft Modbus cleartext transmission
https://notcve.org/view.php?id=CVE-2023-5461
A vulnerability was found in Delta Electronics WPLSoft 2.51. It has been classified as problematic. Affected is an unknown function of the component Modbus Handler. The manipulation leads to cleartext transmission of sensitive information. It is possible to launch the attack remotely. • https://drive.google.com/drive/folders/17nBJt3tejqipE_L-lMEhYXeGhG0eii-_ https://vuldb.com/?ctiid.241584 https://vuldb.com/?id.241584 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5460 – Delta Electronics WPLSoft Modbus Data Packet heap-based overflow
https://notcve.org/view.php?id=CVE-2023-5460
A vulnerability was found in Delta Electronics WPLSoft up to 2.51 and classified as problematic. This issue affects some unknown processing of the component Modbus Data Packet Handler. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241583. • https://drive.google.com/drive/folders/1oYxs_KxK4Ftd7OsexGk6upkxhJ3-m8M3 https://vuldb.com/?ctiid.241583 https://vuldb.com/?id.241583 • CWE-122: Heap-based Buffer Overflow •