CVE-2023-1133
CRITICAL
Deltaww Infrasuite Device Master < 1.0.5 - Insecure Deserialization
Title source: ruleDescription
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/UDP by default. The service accepts unverified UDP packets and deserializes their content, which could allow an unauthenticated attacker to remotely execute arbitrary code.
Exploits (1)
metasploit
WORKING POC
EXCELLENT
by Anonymous, Shelby Pace · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/delta_electronics_infrasuite_deserialization.rb
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-02
Exploit, Third Party Advisory
http://packetstormsecurity.com/files/172799/Delta-Electronics-InfraSuite-Device-Master-Deserialization.html
Scores
CVSS v3
9.8
EPSS
0.8611
EPSS Percentile
99.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-502
Status
published
Products (1)
deltaww/infrasuite_device_master
< 1.0.5
Published
Mar 27, 2023
Tracked Since
Feb 18, 2026