Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveIcscertCVE-2022-40202
HistoryOct 31, 2022 - 8:15 p.m.

CVE-2022-40202

2022-10-3120:15:12
CWE-306
icscert
web.nvd.nist.gov
25
cve-2022-40202
delta electronics
infrasuite device master
authentication
serialized objects
remote code execution

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.004

Percentile

73.3%

JSON

The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication. An attacker could provide malicious serialized objects which, when deserialized, could activate an opcode for a backup scheduling function without authentication. This function allows the user to designate all function arguments and the file to be executed. This could allow the attacker to start any new process and achieve remote code execution.

Affected configurations

Nvd
Node
deltawwinfrasuite_device_masterRange<00.00.02a
VendorProductVersionCPE
deltawwinfrasuite_device_master*cpe:2.3:a:deltaww:infrasuite_device_master:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "InfraSuite Device Master",
    "vendor": "Delta Electronics",
    "versions": [
      {
        "lessThanOrEqual": "00.00.01a",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Related

nvd 1
zdi 2
prion 1
cvelist 1
ics 1
nvd
nvd
CVE-2022-40202
2022-10-31 20:15:12
zdi
zdi
Delta Electronics InfraSuite Device Master ExeCommandInCommandLineMode Exposed Dangerous Function Remote Code Execution Vulnerability
2023-01-18 00:00:00
Delta Industrial Automation InfraSuite Device Master ExeCommandInCommandLineMode Missing Authentication Remote Code Execution Vulnerability
2022-10-27 00:00:00
prion
prion
Remote code execution
2022-10-31 20:15:00
cvelist
cvelist
CVE-2022-40202
2022-10-31 19:35:08
ics
ics
Delta Electronics InfraSuite Device Master (Update A)
2023-01-18 12:00:00

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.004

Percentile

73.3%

JSON
Related for CVE-2022-40202
nvd1zdi2prion1cvelist1ics1