CVE-2023-1134

Name of the Vulnerable Software and Affected Versions Delta Electronics InfraSuite Device Master versions prior to 1.0.5

Description The issue is related to a path traversal vulnerability, which could allow an attacker to read local files, disclose plaintext credentials, and escalate privileges. This vulnerability may be exploited by a remote attacker to gain elevated privileges.

Recommendations For versions prior to 1.0.5, update to version 1.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation. Avoid using the CtrlLayerNWCmd ReportFileOperation function until a patch is available.