Vulnerabilities > CVE-2023-1133 - Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. The service accepts the unverified UDP packets and deserializes the content, which could allow an unauthenticated attacker to remotely execute arbitrary code.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Common Weakness Enumeration (CWE)
References
- http://packetstormsecurity.com/files/172799/Delta-Electronics-InfraSuite-Device-Master-Deserialization.html
- http://packetstormsecurity.com/files/172799/Delta-Electronics-InfraSuite-Device-Master-Deserialization.html
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-02
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-02