CVE-2022-41688

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authentication to create a new user and add them to the administrator group.
References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-07 Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:deltaww:infrasuite_device_master:*:*:*:*:*:*:*:*

Information

Published : 2022-10-31 08:15

Updated : 2022-11-02 02:04


NVD link : CVE-2022-41688

Mitre link : CVE-2022-41688

Products Affected
No products.
CWE