module
Delta Electronics InfraSuite Device Master Deserialization
| Disclosed |
|---|
| May 17, 2023 |
Description
Delta Electronics InfraSuite Device Master versions below v1.0.5 have an
unauthenticated .NET deserialization vulnerability within the 'ParseUDPPacket()'
method of the 'Device-Gateway-Status' process.
The 'ParseUDPPacket()' method reads user-controlled packet data and eventually
calls 'BinaryFormatter.Deserialize()' on what it determines to be the packet header without appropriate validation,
leading to unauthenticated code execution as the user running the 'Device-Gateway-Status' process.
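A defender can triage captured UDP payloads bound for the 'Device-Gateway-Status' process by locating an embedded BinaryFormatter (MS-NRBF) stream and checking the first class name it declares against an allow-list. This is an added example, not code from the vendor or the module author. The allow-list entry, the `Example.*` names and the sample payload are constructed assumptions, and because the page does not give the packet layout, the whole payload is searched for the stream header.

```python
# 17-byte SerializedStreamHeader that BinaryFormatter emits (MS-NRBF):
# record type 0, RootId 1, HeaderId -1, major version 1, minor version 0.
NRBF_MAGIC = bytes.fromhex("0001000000ffffffff0100000000000000")
BINARY_LIBRARY = 0x0C
CLASS_RECORDS = {0x02, 0x03, 0x04, 0x05}  # record types that begin with ClassInfo
# Hypothetical allow-list; fill it from type names seen in known-good traffic.
ALLOWED_ROOT_TYPES = {"Example.Gateway.PacketHeader"}

def _read_string(buf, pos):
    """Read a LengthPrefixedString: 7-bit encoded length, then UTF-8 bytes."""
    length = shift = 0
    while True:
        byte = buf[pos]          # IndexError here means the stream is cut short
        pos += 1
        length |= (byte & 0x7F) << shift
        shift += 7
        if not byte & 0x80:
            break
    if pos + length > len(buf):
        raise ValueError("string runs past end of payload")
    return buf[pos:pos + length].decode("utf-8", "replace"), pos + length

def root_type(payload):
    """Name of the first class record in an embedded NRBF stream, else None."""
    start = payload.find(NRBF_MAGIC)
    if start < 0:
        return None
    pos = start + len(NRBF_MAGIC)
    try:
        while payload[pos] == BINARY_LIBRARY:        # skip library declarations
            _, pos = _read_string(payload, pos + 5)  # type byte + LibraryId
        if payload[pos] not in CLASS_RECORDS:
            return "<non-class record>"
        return _read_string(payload, pos + 5)[0]     # type byte + ObjectId
    except (IndexError, ValueError):
        return "<truncated stream>"

def classify(payload):
    """Triage one UDP payload: 'no-nrbf', 'allowed', or 'alert:<type name>'."""
    name = root_type(payload)
    if name is None:
        return "no-nrbf"
    return "allowed" if name in ALLOWED_ROOT_TYPES else "alert:" + name

def sample(name):
    """Constructed payload: filler, stream header, library record, class record."""
    s = lambda t: bytes([len(t)]) + t.encode()
    return (b"\x00" * 4 + NRBF_MAGIC + b"\x0c\x02\x00\x00\x00" + s("Example.Lib")
            + b"\x05\x01\x00\x00\x00" + s(name))
```

A truncated or malformed stream is reported as an alert rather than ignored, since the receiving parser would still be handed those bytes.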