CVE-2023-1145

Name of the Vulnerable Software and Affected Versions Delta Electronics InfraSuite Device Master versions prior to 1.0.5

Description The issue is related to a deserialization vulnerability in the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution. This vulnerability is associated with shortcomings in the deserialization mechanism, allowing an attacker to execute arbitrary code by sending specially crafted requests.

Recommendations For versions prior to 1.0.5, update to version 1.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the Device-DataCollect service to minimize the risk of exploitation.