CVE-2023-1135

HIGH

Deltaww Infrasuite Device Master - Incorrect Permission Assignment

Title source: rule
STIX 2.1

Description

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could set incorrect directory permissions, which could result in local privilege escalation.

References (1)

Core 1
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-02

Scores

CVSS v3 7.8
EPSS 0.0006
EPSS Percentile 18.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-732
Status published
Products (1)
deltaww/infrasuite_device_master < 1.0.5
Published Mar 27, 2023
Tracked Since Feb 18, 2026