PT-2022-26069 · Delta Electronics · Infrasuite Device Master
Kimiya
·
Published
2022-10-27
·
Updated
2022-11-02
·
CVE-2022-41779
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior
Description
The issue allows remote code execution due to deserialization of untrusted data. If the device connects to an attacker-controlled server, the attacker could send maliciously crafted packets that would be deserialized and executed. This is a result of the device deserializing network packets without proper verification.
Recommendations
For Delta Electronics InfraSuite Device Master versions 00.00.01a and prior, consider restricting network access to trusted sources until a fix is available. As a temporary workaround, avoid connecting the device to untrusted servers to minimize the risk of exploitation.
Fix
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Infrasuite Device Master