ICSA-22-298-07 · Published 2023-01-18 · View on CISA ICS-CERT ↗

Delta Electronics InfraSuite Device Master

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to remotely execute code, cause a denial-of-service condition by remotely deleting files or changing group privileges, or remotely read and write files, all with local administrator privileges.

CVEs (10)

CVE-2022-41778 CVE-2022-38142 CVE-2022-41779 CVE-2022-41657 CVE-2022-41772 CVE-2022-40202 CVE-2022-41688 CVE-2022-41644 CVE-2022-41776 CVE-2022-41629

Remediations

Delta Electronics recommends users uninstall old versions of InfraSuite Device Master and reinstall the updated Version 1.0.3 using the installer.

Affected Vendors

Delta Electronics

Affected Products (2)

Delta Electronics · InfraSuite Device Master <= 00.00.01a

Delta Electronics · InfraSuite Device Master < 1.0.3

Affected Sectors

Energy

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more