PT-2022-26066 · Delta Electronics · Infrasuite Device Master

Kimiya · Published 2022-10-27 · Updated 2022-11-02 · CVE-2022-41776

CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Delta Electronics InfraSuite Device Master versions 00.00.01a and prior

Description: The issue allows unauthenticated users to trigger the WriteConfiguration method. This could enable an attacker to modify user configuration files, such as UserListInfo.xml, potentially leading to changes in administrative passwords.

Recommendations: For Delta Electronics InfraSuite Device Master versions 00.00.01a and prior, consider disabling the WriteConfiguration method until a patch is available to prevent unauthorized changes to user configuration files. Restrict access to administrative functions to minimize the risk of exploitation.

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2022-41776
ZDI-22-1489

Affected Products

Infrasuite Device Master