High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-07-10	CVE-2023-34316	Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A/1.0.5 ?An attacker could bypass the latest Delta Electronics InfraSuite Device Master (versions prior to 1.0.7) patch, which could allow an attacker to retrieve file contents. network low complexity deltaww	7.5
2023-06-07	CVE-2023-24014	Out-of-bounds Write vulnerability in Deltaww Cncsoft-B 1.0.0.2/1.0.0.4 Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to heap-based buffer overflow, which could allow an attacker to execute arbitrary code. local low complexity deltaww CWE-787	7.8
2023-06-07	CVE-2023-25177	Unspecified vulnerability in Deltaww Cncsoft-B 1.0.0.2/1.0.0.4 Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code. local low complexity deltaww	7.8
2023-03-27	CVE-2023-1134	Path Traversal vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a path traversal vulnerability, which could allow an attacker to read local files, disclose plaintext credentials, and escalate privileges. network low complexity deltaww CWE-22	8.8
2023-03-27	CVE-2023-1135	Incorrect Permission Assignment for Critical Resource vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could set incorrect directory permissions, which could result in local privilege escalation. local low complexity deltaww CWE-732	7.8
2023-03-27	CVE-2023-1136	Incorrect Authorization vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an unauthenticated attacker could generate a valid token, which would lead to authentication bypass. network low complexity deltaww CWE-863	7.5
2023-03-27	CVE-2023-1137	Insufficiently Protected Credentials vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which a low-level user could extract files and plaintext credentials of administrator users, resulting in privilege escalation. network low complexity deltaww CWE-522	8.8
2023-03-27	CVE-2023-1138	Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain an improper access control vulnerability, which could allow an attacker to retrieve Gateway configuration files to obtain plaintext credentials. network low complexity deltaww	7.5
2023-03-27	CVE-2023-1139	Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-gateway service, which could allow deserialization of requests prior to authentication, resulting in remote code execution. network low complexity deltaww CWE-502	8.8
2023-03-27	CVE-2023-1141	Command Injection vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a command injection vulnerability that could allow an attacker to inject arbitrary commands, which could result in remote code execution. network low complexity deltaww CWE-77	8.8