CVE-2024-10456
Delta Electronics InfraSuite Device Master Deserialization of Untrusted Data
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are affected by a deserialization vulnerability that targets the Device-Gateway, which could allow deserialization of arbitrary .NET objects prior to authentication.
Las versiones de Delta Electronics InfraSuite Device Master anteriores a 1.0.12 se ven afectadas por una vulnerabilidad de deserialización que afecta a Device-Gateway, lo que podría permitir la deserialización de objetos .NET arbitrarios antes de la autenticación.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of the _gExtraInfo attribute. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of an administrator.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-10-28 CVE Reserved
- 2024-10-30 CVE Published
- 2024-10-31 EPSS Updated
- 2024-11-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-502: Deserialization of Untrusted Data
CAPEC
References (1)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Delta Electronics Search vendor "Delta Electronics" | InfraSuite Device Master Search vendor "Delta Electronics" for product "InfraSuite Device Master" | <= 1.0.12 Search vendor "Delta Electronics" for product "InfraSuite Device Master" and version " <= 1.0.12" | en |
Affected
|