Severity
High
Analysis Summary
CVE-2023-34347 CVSS:9.8
Delta Electronics InfraSuite Device Master could allow a remote attacker to execute arbitrary code on the system, caused by the unsafe deserialization of data. By sending specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-30765 CVSS:8.8
Delta Electronics InfraSuite Device Master could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass authentication and obtain administrative access.
CVE-2023-34316 CVSS:6.5
Delta Electronics InfraSuite Device Master could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass authentication and retrieve file contents.
Impact
- Code Execution
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-34347
- CVE-2023-30765
- CVE-2023-34316
Affected Vendors
Delta Electronics
Affected Products
- Delta Electronics InfraSuite Device Master 1.0.6
Remediation
Upgrade to the latest version of InfraSuite Device Master, available from the Delta Electronics Web site.