Vulnerabilities > Deltaww > Infrasuite Device Master
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-26 | CVE-2023-0444 | Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.02A A privilege escalation vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.02a. | 8.8 |
2023-01-13 | CVE-2022-41778 | Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-DataCollect service port without proper verification. | 8.8 |
2022-10-31 | CVE-2022-38142 | Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-Gateway service port without proper verification. | 9.8 |
2022-10-31 | CVE-2022-40202 | Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication. | 9.8 |
2022-10-31 | CVE-2022-41629 | Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to access the aprunning endpoint, which could allow an attacker to retrieve any file from the “RunningConfigs” directory. | 9.1 |
2022-10-31 | CVE-2022-41644 | Missing Authentication for Critical Function vulnerability in Deltaww Infrasuite Device Master 00.00.01A Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lacks authentication for a function that changes group privileges. | 8.8 |
2022-10-31 | CVE-2022-41657 | Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker provided data already serialized into memory to be used in file operation application programmable interfaces (APIs). | 9.8 |
2022-10-31 | CVE-2022-41688 | Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. | 7.5 |
2022-10-31 | CVE-2022-41772 | Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior mishandle .ZIP archives containing characters used in path traversal. | 9.8 |
2022-10-31 | CVE-2022-41776 | Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to trigger the WriteConfiguration method, which could allow an attacker to provide new values for user configuration files such as UserListInfo.xml. | 7.5 |