Vulnerabilities > Deltaww
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-07 | CVE-2023-25177 | Unspecified vulnerability in Deltaww Cncsoft-B 1.0.0.2/1.0.0.4 Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code. | 7.8 |
2023-03-31 | CVE-2023-0432 | Cross-site Scripting vulnerability in Deltaww Dx-2100L1-Cn Firmware The web configuration service of the affected device contains an authenticated command injection vulnerability. | 9.0 |
2023-03-27 | CVE-2023-1133 | Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. | 9.8 |
2023-03-27 | CVE-2023-1134 | Path Traversal vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a path traversal vulnerability, which could allow an attacker to read local files, disclose plaintext credentials, and escalate privileges. | 8.8 |
2023-03-27 | CVE-2023-1135 | Incorrect Permission Assignment for Critical Resource vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could set incorrect directory permissions, which could result in local privilege escalation. | 7.8 |
2023-03-27 | CVE-2023-1136 | Incorrect Authorization vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an unauthenticated attacker could generate a valid token, which would lead to authentication bypass. | 7.5 |
2023-03-27 | CVE-2023-1137 | Insufficiently Protected Credentials vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which a low-level user could extract files and plaintext credentials of administrator users, resulting in privilege escalation. | 8.8 |
2023-03-27 | CVE-2023-1138 | Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain an improper access control vulnerability, which could allow an attacker to retrieve Gateway configuration files to obtain plaintext credentials. | 7.5 |
2023-03-27 | CVE-2023-1139 | Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-gateway service, which could allow deserialization of requests prior to authentication, resulting in remote code execution. | 8.8 |
2023-03-27 | CVE-2023-1140 | Missing Authentication for Critical Function vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability that could allow an attacker to achieve unauthenticated remote code execution in the context of an administrator. | 9.8 |