Vulnerabilities > Deltaww

DATE	CVE	VULNERABILITY TITLE	RISK
2023-06-07	CVE-2023-25177	Stack-based Buffer Overflow vulnerability in Deltaww Cncsoft-B 1.0.0.2/1.0.0.4 Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code. local low complexity deltaww CWE-121	7.8
2023-03-31	CVE-2023-0432	Cross-site Scripting vulnerability in Deltaww Dx-2100L1-Cn Firmware The web configuration service of the affected device contains an authenticated command injection vulnerability. network low complexity deltaww CWE-79 critical	9.0
2023-03-27	CVE-2023-1133	Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. network low complexity deltaww CWE-502 critical	9.8
2023-03-27	CVE-2023-1134	Path Traversal vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a path traversal vulnerability, which could allow an attacker to read local files, disclose plaintext credentials, and escalate privileges. network low complexity deltaww CWE-22	8.8
2023-03-27	CVE-2023-1135	Incorrect Permission Assignment for Critical Resource vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could set incorrect directory permissions, which could result in local privilege escalation. local low complexity deltaww CWE-732	7.8
2023-03-27	CVE-2023-1136	Incorrect Authorization vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an unauthenticated attacker could generate a valid token, which would lead to authentication bypass. network low complexity deltaww CWE-863	7.5
2023-03-27	CVE-2023-1137	Insufficiently Protected Credentials vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which a low-level user could extract files and plaintext credentials of administrator users, resulting in privilege escalation. network low complexity deltaww CWE-522	8.8
2023-03-27	CVE-2023-1138	Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain an improper access control vulnerability, which could allow an attacker to retrieve Gateway configuration files to obtain plaintext credentials. network low complexity deltaww	7.5
2023-03-27	CVE-2023-1139	Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-gateway service, which could allow deserialization of requests prior to authentication, resulting in remote code execution. network low complexity deltaww CWE-502	8.8
2023-03-27	CVE-2023-1140	Missing Authentication for Critical Function vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability that could allow an attacker to achieve unauthenticated remote code execution in the context of an administrator. network low complexity deltaww CWE-306 critical	9.8

Vulnerabilities > Deltaww {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Deltaww"}]}

Vulnerabilities > Deltaww