Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-41629

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to access the aprunning endpoint, which could allow an attacker to retrieve any file from the “RunningConfigs” directory. The attacker could then view and modify configuration files such as UserListInfo.xml, which would allow them to see existing administrative passwords.

Published

2022-10-31T20:15:13.063

Last Modified

2024-11-21T07:23:31.840

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-306

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	deltaww	infrasuite_device_master	< 00.00.02a	Yes

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-07 Patch, Third Party Advisory, US Government Resource ([email protected])
https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-07 Patch, Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)