CVE-2022-38142

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-38142
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-Gateway service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon deserialization.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-07 Patch Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:deltaww:infrasuite_device_master:*:*:*:*:*:*:*:*
History

07 Nov 2023, 03:50

Type Values Removed Values Added
Summary Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-Gateway service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon deserialization. Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-Gateway service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon deserialization.
Information

Published : 2022-10-31 20:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-38142

Mitre link : CVE-2022-38142

CVE.ORG link : CVE-2022-38142

JSON object : View

Products Affected

deltaww

  • infrasuite_device_master
CWE
CWE-502

Deserialization of Untrusted Data