PT-2022-26068 · Delta Electronics · Infrasuite Device Master
Kimiya · Published 2022-10-27 · Updated 2023-01-23 · CVE-2022-41778
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior
Description
The Device-DataCollect service deserializes user-supplied data without proper verification. An attacker can execute arbitrary code by sending malicious serialized objects to the Device-DataCollect service port.
Recommendations
For Delta Electronics InfraSuite Device Master versions 00.00.01a and prior, as a temporary workaround, consider restricting access to the Device-DataCollect service port to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Deserialization of Untrusted Data
Affected Products
Infrasuite Device Master