← back
CVE-2023-1133

CVE-2023-1133

CVSS 9.8 CRITICALEPSS 50.0%
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. The service accepts the unverified UDP packets and deserializes the content, which could allow an unauthenticated attacker to remotely execute arbitrary code.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Delta Electronics · InfraSuite Device Master
public PoCs found1
cve_referencepacketstormsecurity.com/files/172799/Delta-Electronics-InfraSuite-Device-Master-Deserialization.htmlunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/172799/Delta-Electronics-InfraSuite-Device-Master-Deserialization.htmlhttps://www.cisa.gov/news-events/ics-advisories/icsa-23-080-02