Vulnerabilities > Deltaww > Infrasuite Device Master

DATE CVE VULNERABILITY TITLE RISK
2023-01-26 CVE-2023-0444 Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.02A
A privilege escalation vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.02a.
network
low complexity
deltaww
8.8
2023-01-13 CVE-2022-41778 Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-DataCollect service port without proper verification.
network
low complexity
deltaww
8.8
2022-10-31 CVE-2022-38142 Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-Gateway service port without proper verification.
network
low complexity
deltaww
critical
9.8
2022-10-31 CVE-2022-40202 Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A
The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication.
network
low complexity
deltaww
critical
9.8
2022-10-31 CVE-2022-41629 Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to access the aprunning endpoint, which could allow an attacker to retrieve any file from the “RunningConfigs” directory.
network
low complexity
deltaww
critical
9.1
2022-10-31 CVE-2022-41644 Missing Authentication for Critical Function vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lacks authentication for a function that changes group privileges.
network
low complexity
deltaww CWE-306
8.8
2022-10-31 CVE-2022-41657 Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker provided data already serialized into memory to be used in file operation application programmable interfaces (APIs).
network
low complexity
deltaww
critical
9.8
2022-10-31 CVE-2022-41688 Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups.
network
low complexity
deltaww
7.5
2022-10-31 CVE-2022-41772 Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior mishandle .ZIP archives containing characters used in path traversal.
network
low complexity
deltaww
critical
9.8
2022-10-31 CVE-2022-41776 Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to trigger the WriteConfiguration method, which could allow an attacker to provide new values for user configuration files such as UserListInfo.xml.
network
low complexity
deltaww
7.5