Vulnerability Details CVE-2023-1133
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. The service accepts the unverified UDP packets and deserializes the content, which could allow an unauthenticated attacker to remotely execute arbitrary code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.86
EPSS Ranking 99.3%
CVSS Severity
CVSS v3 Score 9.8
References
- http://packetstormsecurity.com/files/172799/Delta-Electronics-InfraSuite-Device-Master-Deserialization.html
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-02
- http://packetstormsecurity.com/files/172799/Delta-Electronics-InfraSuite-Device-Master-Deserialization.html
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-02
Products affected by CVE-2023-1133
-
cpe:2.3:a:deltaww:infrasuite_device_master:-
-
cpe:2.3:a:deltaww:infrasuite_device_master:00.00.01a
-
cpe:2.3:a:deltaww:infrasuite_device_master:00.00.02a