CVE-2023-1136

Name of the Vulnerable Software and Affected Versions Delta Electronics InfraSuite Device Master versions prior to 1.0.5

Description The issue is related to insufficient input validation in the Delta Electronics InfraSuite Device Master software, which could allow an unauthenticated attacker to generate a valid token. This token generation could lead to authentication bypass, potentially enabling a remote attacker to elevate their privileges.

Recommendations For versions prior to 1.0.5, update to version 1.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the authentication mechanism until a patch is available.