Detections
Analytics
Delta Electronics InfraSuite Device Master Gateway Deserialization of Untrusted Data (CVE-2023-1133)
critical Nessus Plugin ID 173829
Synopsis
An OT application is affected by an information disclosure vulnerability.Description
The Delta Electronics InfraSuite Device Master Gateway running on the remote host is affected by an information disclosure vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to run arbitrary commands.Solution
Upgrade InfraSuite Device Master to version 1.05 or later.See Also
https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-02
Plugin Details
Severity: Critical
ID: 173829
File Name: delta_electronics_idm_cve-2023-1133.nbin
Version: 1.19
Type: remote
Family: SCADA
Published: 4/4/2023
Updated: 4/23/2024
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.3
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2023-1133
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 9.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:deltaww:infrasuite_device_master
Required KB Items: installed_sw/Delta Electronics InfraSuite Device Master Gateway
Exploit Available: true
Exploit Ease: Exploits are available
Exploited by Nessus: true
Patch Publication Date: 3/21/2023
Vulnerability Publication Date: 3/21/2023
Exploitable With
Metasploit (Delta Electronics InfraSuite Device Master Deserialization)
Reference Information
CVE: CVE-2023-1133