cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-10456,https://securityvulnerability.io/vulnerability/CVE-2024-10456,Deserialization Vulnerability Affects Delta Electronics' InfraSuite Device Master,"Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are susceptible to a deserialization vulnerability that affects the Device-Gateway component. This vulnerability allows the deserialization of arbitrary .NET objects even before authentication is completed. Exploiting this flaw can lead to potential unauthorized actions or information leakage, thereby posing significant risks to the operational integrity and security of the affected systems.",Delta Electronics,Infrasuite Device Master,9.8,CRITICAL,0.0006500000017695129,false,,false,false,false,,,false,false,,2024-10-30T18:04:52.786Z,0
CVE-2023-47279,https://securityvulnerability.io/vulnerability/CVE-2023-47279,Delta Electronics InfraSuite Device Master Path Traversal,"In the Delta Electronics InfraSuite Device Master version 1.0.7, a vulnerability permits an unauthenticated attacker to disclose sensitive user information using a single UDP packet. This flaw enables the disclosure of plaintext credentials and facilitates NTLM relaying attacks, posing serious security risks to users and systems.",Delta Electronics,InfraSuite Device Master,7.5,HIGH,0.0011599999852478504,false,,false,false,false,,,false,false,,2023-11-30T23:15:00.000Z,0
CVE-2023-47207,https://securityvulnerability.io/vulnerability/CVE-2023-47207,Delta Electronics InfraSuite Device Master Deserialization of Untrusted Data,"A vulnerability in Delta Electronics InfraSuite Device Master v.1.0.7 allows unauthenticated attackers to execute arbitrary code with local administrator privileges. This flaw poses a serious threat as it can lead to unauthorized control over affected devices, compromising their functionality and security. Organizations utilizing this software should prioritize patching to mitigate risks associated with potential exploits.",Delta Electronics,InfraSuite Device Master,9.8,CRITICAL,0.0020000000949949026,false,,false,false,false,,,false,false,,2023-11-30T22:15:00.000Z,0
CVE-2023-46690,https://securityvulnerability.io/vulnerability/CVE-2023-46690,Delta Electronics InfraSuite Device Master Path Traversal,"In Delta Electronics InfraSuite Device Master version 1.0.7, a vulnerability has been identified that allows attackers to execute arbitrary file writes to any location on the filesystem. This flaw poses significant risks, as it can potentially facilitate remote code execution, enabling malicious actors to compromise affected systems. Proper measures and patches should be implemented to mitigate this vulnerability.",Delta Electronics,InfraSuite Device Master,8.8,HIGH,0.00949000008404255,false,,false,false,false,,,false,false,,2023-11-30T22:15:00.000Z,0
CVE-2023-39226,https://securityvulnerability.io/vulnerability/CVE-2023-39226,Delta Electronics InfraSuite Device Master Exposed Dangerous Method Or Function,A vulnerability in Delta Electronics InfraSuite Device Master version 1.0.7 allows attackers to execute arbitrary code remotely without authentication through a specially crafted UDP packet. This issue poses potential risks to network security and the integrity of devices utilizing this software.,Delta Electronics,InfraSuite Device Master,9.8,CRITICAL,0.007969999685883522,false,,false,false,false,,,false,false,,2023-11-30T22:15:00.000Z,0
CVE-2023-34316,https://securityvulnerability.io/vulnerability/CVE-2023-34316,Delta Electronics InfraSuite Device Master Improper Access Control,"The vulnerability in Delta Electronics InfraSuite Device Master allows attackers to bypass recent patches in versions earlier than 1.0.7, potentially enabling unauthorized access to sensitive file contents. This oversight presents a significant risk to organizations utilizing the affected software, as attackers could exploit this flaw to extract confidential information.",Delta Electronics,Infrasuite Device Master,7.5,HIGH,0.00139999995008111,false,,false,false,false,,,false,false,,2023-07-10T20:15:00.000Z,0
CVE-2023-30765,https://securityvulnerability.io/vulnerability/CVE-2023-30765,​Delta Electronics InfraSuite Device Master Improper Access Control,"Delta Electronics InfraSuite Device Master up to version 1.0.6 is susceptible to improper access control mechanisms. This vulnerability could be exploited by attackers to manipulate privilege management configurations, leading to unauthorized privilege escalation and potential control over critical system functionalities.",Delta Electronics,Infrasuite Device Master,9.8,CRITICAL,0.0014700000174343586,false,,false,false,true,2023-07-19T14:21:15.000Z,true,false,false,,2023-07-10T20:15:00.000Z,0
CVE-2023-34347,https://securityvulnerability.io/vulnerability/CVE-2023-34347,​Delta Electronics InfraSuite Device Master Deserialization of Untrusted Data,"Delta Electronics InfraSuite Device Master prior to version 1.0.7 is vulnerable due to the presence of classes that are not safe for deserialization. This vulnerability could be exploited by an attacker to execute arbitrary code remotely, posing a significant security risk to environments utilizing this software. Organizations using affected versions are encouraged to upgrade to secure their systems against potential exploitation.",Delta Electronics,Infrasuite Device Master,9.8,CRITICAL,0.0016700000269338489,false,,false,false,false,,,false,false,,2023-07-10T19:15:00.000Z,0
CVE-2023-1142,https://securityvulnerability.io/vulnerability/CVE-2023-1142,CVE-2023-1142,"In earlier versions of Delta Electronics InfraSuite Device Master, a potential vulnerability allows attackers to exploit URL decoding techniques. This could lead to unauthorized access to sensitive system files and credentials, undermining security measures and allowing for privilege escalation. Users are strongly advised to upgrade to version 1.0.5 or later to mitigate these risks.",Delta Electronics,Infrasuite Device Master,7.5,HIGH,0.002469999948516488,false,,false,false,false,,,false,false,,2023-03-27T15:15:00.000Z,0
CVE-2023-1140,https://securityvulnerability.io/vulnerability/CVE-2023-1140,CVE-2023-1140,"A vulnerability exists in Delta Electronics InfraSuite Device Master versions prior to 1.0.5 that could enable an attacker to execute arbitrary code remotely without authentication. This flaw allows unauthorized entities to operate with administrative privileges, potentially compromising the security and functionality of affected devices.",Delta Electronics,Infrasuite Device Master,9.8,CRITICAL,0.005510000046342611,false,,false,false,false,,,false,false,,2023-03-27T15:15:00.000Z,0
CVE-2023-1141,https://securityvulnerability.io/vulnerability/CVE-2023-1141,CVE-2023-1141,"The Delta Electronics InfraSuite Device Master is susceptible to a command injection vulnerability that permits attackers to execute arbitrary commands. This can potentially lead to remote code execution, compromising the security of the device and the network it is integrated into. Users of the affected version should update to the latest release to mitigate risks and enhance the security of their systems.",Delta Electronics,Infrasuite Device Master,8.8,HIGH,0.003530000103637576,false,,false,false,false,,,false,false,,2023-03-27T15:15:00.000Z,0
CVE-2023-1143,https://securityvulnerability.io/vulnerability/CVE-2023-1143,CVE-2023-1143,"In versions of Delta Electronics InfraSuite Device Master prior to 1.0.5, a vulnerability allows attackers to execute arbitrary code remotely using Lua scripts. This capability could potentially compromise the integrity and security of the affected system, enabling unauthorized access and control.",Delta Electronics,Infrasuite Device Master,8.8,HIGH,0.0019199999514967203,false,,false,false,false,,,false,false,,2023-03-27T15:15:00.000Z,0
CVE-2023-1144,https://securityvulnerability.io/vulnerability/CVE-2023-1144,CVE-2023-1144,"Delta Electronics InfraSuite Device Master prior to version 1.0.5 is susceptible to an improper access control issue. This vulnerability allows attackers to exploit the Device-Gateway service to bypass authorization controls, potentially leading to unauthorized privilege escalation. Organizations using affected versions are advised to update to the latest version to mitigate this security risk.",Delta Electronics,Infrasuite Device Master,8.8,HIGH,0.0016199999954551458,false,,false,false,false,,,false,false,,2023-03-27T15:15:00.000Z,0
CVE-2023-1138,https://securityvulnerability.io/vulnerability/CVE-2023-1138,CVE-2023-1138,"Delta Electronics InfraSuite Device Master versions earlier than 1.0.5 are affected by an improper access control vulnerability. This flaw allows attackers to improperly gain access to system components, enabling them to retrieve sensitive Gateway configuration files. Exploitation of this vulnerability may lead to the exposure of plaintext credentials, creating significant risks for system integrity and data confidentiality.",Delta Electronics,Infrasuite Device Master,7.5,HIGH,0.0017000000225380063,false,,false,false,false,,,false,false,,2023-03-27T15:15:00.000Z,0
CVE-2023-1139,https://securityvulnerability.io/vulnerability/CVE-2023-1139,CVE-2023-1139,"The Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are vulnerable to a deserialization flaw within the Device-gateway service. This vulnerability allows an attacker to craft malicious requests that can be deserialized before any authentication is carried out. Successful exploitation may lead to remote code execution, thereby compromising the integrity and security of affected systems.",Delta Electronics,Infrasuite Device Master,8.8,HIGH,0.003379999892786145,false,,false,false,false,,,false,false,,2023-03-27T15:15:00.000Z,0
CVE-2023-1145,https://securityvulnerability.io/vulnerability/CVE-2023-1145,Deserialization Vulnerability in Delta Electronics InfraSuite Device Master,"Delta Electronics InfraSuite Device Master versions earlier than 1.0.5 are susceptible to a significant deserialization vulnerability within the Device-DataCollect service. This flaw allows unauthorized deserialization of requests before proper authentication is established, potentially leading to remote code execution on the affected systems. Organizations using this product are advised to stay updated on security patches and implement necessary safeguards against exploitation.",Delta Electronics,Infrasuite Device Master,7.8,HIGH,0.0009299999801442027,false,,false,false,false,,,false,false,,2023-03-27T15:15:00.000Z,0
CVE-2023-1133,https://securityvulnerability.io/vulnerability/CVE-2023-1133,CVE-2023-1133,"Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are susceptible to a vulnerability where the Device-status service listens by default on UDP port 10100. This service accepts unverified UDP packets and deserializes the content, posing a risk that unprivileged attackers could exploit to execute arbitrary code remotely. This issue emphasizes the need for stringent network security measures and timely updates to protect against potential exploitation.",Delta Electronics,Infrasuite Device Master,9.8,CRITICAL,0.06802000105381012,false,,false,false,false,,,false,false,,2023-03-27T15:15:00.000Z,0
CVE-2023-1134,https://securityvulnerability.io/vulnerability/CVE-2023-1134,CVE-2023-1134,"Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are susceptible to a path traversal vulnerability. This flaw may enable attackers to access local files, potentially exposing sensitive information such as plaintext credentials. Furthermore, it could facilitate privilege escalation, providing unauthorized access to sensitive functionalities within the device.",Delta Electronics,Infrasuite Device Master,7.1,HIGH,0.0025100000202655792,false,,false,false,false,,,false,false,,2023-03-27T15:15:00.000Z,0
CVE-2023-1135,https://securityvulnerability.io/vulnerability/CVE-2023-1135,Local Privilege Escalation Vulnerability in Delta Electronics InfraSuite Device Master,"In Delta Electronics InfraSuite Device Master versions earlier than 1.0.5, a vulnerability exists that allows attackers to modify directory permissions, potentially leading to unauthorized local privilege escalation. This exploitation could allow an attacker to gain elevated permissions, compromising the integrity and security of the system. It is crucial for users to upgrade to the latest version to mitigate potential security risks.",Delta Electronics,Infrasuite Device Master,7.8,HIGH,0.0005099999834783375,false,,false,false,false,,,false,false,,2023-03-27T15:15:00.000Z,0
CVE-2023-1136,https://securityvulnerability.io/vulnerability/CVE-2023-1136,CVE-2023-1136,"In versions of Delta Electronics InfraSuite Device Master prior to 1.0.5, an unauthenticated attacker can exploit a vulnerability to generate a valid token. This allows them to bypass authentication mechanisms, potentially granting them unauthorized access to sensitive functionalities within the application.",Delta Electronics,Infrasuite Device Master,9.8,CRITICAL,0.0013500000350177288,false,,false,false,false,,,false,false,,2023-03-27T15:15:00.000Z,0
CVE-2023-1137,https://securityvulnerability.io/vulnerability/CVE-2023-1137,CVE-2023-1137,"A security flaw in the InfraSuite Device Master software from Delta Electronics allows low-level users to extract sensitive files and plaintext credentials belonging to administrator accounts. This vulnerability could lead to unauthorized access and potential malicious activities, including privilege escalation, if exploited. Organizations using affected versions should prioritize applying updates to mitigate risks.",Delta Electronics,Infrasuite Device Master,6.5,MEDIUM,0.0016199999954551458,false,,false,false,false,,,false,false,,2023-03-27T15:15:00.000Z,0
CVE-2022-41778,https://securityvulnerability.io/vulnerability/CVE-2022-41778,Deserialization Vulnerability in Delta Electronics InfraSuite Device Master,"The Delta Electronics InfraSuite Device Master versions 00.00.01a and earlier contain a significant deserialization vulnerability. This flaw allows an attacker to send specially crafted user-supplied data via the Device-DataCollect service. Without adequate checks, the system may deserialize these malicious objects, potentially resulting in arbitrary code execution. Organizations using these affected versions should review their security measures and apply necessary updates to mitigate the risks associated with this vulnerability.",Delta Electronics,Infrasuite Device Master,9.8,CRITICAL,0.0015999999595806003,false,,false,false,false,,,false,false,,2023-01-13T00:15:00.000Z,0
CVE-2022-41629,https://securityvulnerability.io/vulnerability/CVE-2022-41629,Unauthenticated Access Vulnerability in Delta Electronics InfraSuite Device Master,"Delta Electronics InfraSuite Device Master versions 00.00.01a and earlier are vulnerable to unauthenticated access, allowing remote attackers to interact with the aprunning endpoint. This vulnerability exposes the 'RunningConfigs' directory, permitting unauthorized retrieval of sensitive files, including configuration files like UserListInfo.xml. As a result, attackers could potentially access and modify critical configuration settings, including administrative passwords, posing significant security risks.",Delta Electronics,Infrasuite Device Master,7.5,HIGH,0.0020699999295175076,false,,false,false,false,,,false,false,,2022-10-31T19:51:27.025Z,0
CVE-2022-41776,https://securityvulnerability.io/vulnerability/CVE-2022-41776,Configuration Management Vulnerability in Delta Electronics InfraSuite Device Master,"The vulnerability in Delta Electronics' InfraSuite Device Master allows unauthenticated users to exploit the WriteConfiguration method. This exploit enables attackers to alter essential configuration files, notably UserListInfo.xml. As a result, unauthorized changes to administrative passwords can occur, compromising system integrity and access control.",Delta Electronics,Infrasuite Device Master,7.5,HIGH,0.0017000000225380063,false,,false,false,false,,,false,false,,2022-10-31T19:48:17.936Z,0
CVE-2022-41644,https://securityvulnerability.io/vulnerability/CVE-2022-41644,Privilege Escalation Vulnerability in Delta Electronics InfraSuite Device Master,"The Delta Electronics InfraSuite Device Master suffers from a significant security vulnerability that allows an unauthenticated attacker to modify group privileges. This flaw enables attackers to escalate their privileges or potentially create a denial-of-service condition, thereby compromising the integrity and availability of the device. Users of affected versions are strongly advised to apply available patches to mitigate the risks associated with this vulnerability.",Delta Electronics,Infrasuite Device Master,8.8,HIGH,0.0016199999954551458,false,,false,false,false,,,false,false,,2022-10-31T19:47:21.832Z,0