PT-2022-26026 · Delta Electronics · Infrasuite Device Master
Kimiya
·
Published
2022-10-27
·
Updated
2022-11-02
·
CVE-2022-41688
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior
Description
The issue concerns a lack of proper authentication for functions that create and modify user groups. An attacker could exploit this by providing malicious serialized objects to run these functions without authentication, potentially creating a new user and adding them to the administrator group.
Recommendations
For Delta Electronics InfraSuite Device Master versions 00.00.01a and prior, consider disabling the functions that create and modify user groups until a patch is available to prevent unauthorized access and modifications. Restrict access to these functions to minimize the risk of exploitation.
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Infrasuite Device Master