Vulnerabilities > Deltaww > Infrasuite Device Master > 00.00.02a
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-27 | CVE-2023-1140 | Missing Authentication for Critical Function vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability that could allow an attacker to achieve unauthenticated remote code execution in the context of an administrator. | 9.8 |
| 2023-03-27 | CVE-2023-1141 | Command Injection vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a command injection vulnerability that could allow an attacker to inject arbitrary commands, which could result in remote code execution. | 8.8 |
| 2023-03-27 | CVE-2023-1142 | Path Traversal vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation. | 9.8 |
| 2023-03-27 | CVE-2023-1143 | Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code. | 8.8 |
| 2023-03-27 | CVE-2023-1144 | Incorrect Authorization vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation. | 8.8 |
| 2023-03-27 | CVE-2023-1145 | Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution. | 7.8 |
| 2023-01-26 | CVE-2023-0444 | Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.02A A privilege escalation vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.02a. | 8.8 |