PT-2023-2345 · Delta Electronics · Infrasuite Device Master

Chudypd

Publicado

2023-03-21

Atualizado

2023-05-17

CVE-2023-1144

CVSS v2.0

9.0

Alta

Vetor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Delta Electronics InfraSuite Device Master versions prior to 1.0.5

Description The issue is related to insufficient authorization mechanisms in the Device-Gateway service of the Delta Electronics InfraSuite Device Master software. This can be exploited by a remote attacker to escalate privileges by utilizing the Device-Gateway service and bypassing authorization.

Recommendations For versions prior to 1.0.5, update to version 1.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the Device-Gateway service to minimize the risk of exploitation.

Correção

Improper Access Control

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284CWE-863

Identificadores relacionados

BDU:2023-02110

CVE-2023-1144

ZDI-23-675

Produtos afetados

Infrasuite Device Master

PT-2023-2345 · Delta Electronics · Infrasuite Device Master

CVE-2023-1144

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5