CVE-2023-1140
CVE-2023-1140
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability that could allow an attacker to achieve unauthenticated remote code execution in the context of an administrator.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the configuration of Apache ActiveMQ. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of an administrator.
*Credits:
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-03-01 CVE Reserved
- 2023-03-27 CVE Published
- 2024-08-02 CVE Updated
- 2024-11-01 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-306: Missing Authentication for Critical Function
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-02 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Deltaww Search vendor "Deltaww" | Infrasuite Device Master Search vendor "Deltaww" for product "Infrasuite Device Master" | < 1.0.5 Search vendor "Deltaww" for product "Infrasuite Device Master" and version " < 1.0.5" | - |
Affected
| ||||||