CVE-2023-1133

Name of the Vulnerable Software and Affected Versions Delta Electronics InfraSuite Device Master versions prior to 1.0.5

Description The issue is related to the Device-status service listening on port 10100/UDP by default, accepting unverified UDP packets, and deserializing their content. This could allow an unauthenticated attacker to remotely execute arbitrary code. The vulnerability is associated with the deserialization of untrusted data, which may enable a remote attacker to execute arbitrary code using specially crafted UDP packets.

Recommendations For versions prior to 1.0.5, update to version 1.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to port 10100/UDP to minimize the risk of exploitation. Additionally, disabling the Device-status service until a patch is applied may also help mitigate the risk.