CVE-2023-30765

Published: Jul 10, 2023Modified: Jan 27, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contain improper access controls that could allow an attacker to alter privilege management configurations, resulting in privilege escalation.

Affected (1)

Products: Deltaww: Infrasuite Device Master

Deltaww

1 product

Infrasuite Device Master

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Deltaww Infrasuite Device Master	Before 1.0.7

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-01

Source: ics-cert@hq.dhs.gov

MitigationPatchThird Party AdvisoryUS Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-01

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationPatchThird Party AdvisoryUS Government Resource

Timeline

No history available yet.