SB2022102636 - Multiple vulnerabilities in Delta Electronics InfraSuite Device Master
Published: October 26, 2022 Updated: February 1, 2023
Description
This security bulletin contains information about 10 security vulnerabilities.
1) Deserialization of Untrusted Data (CVE-ID: CVE-2022-41778)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data within the Device-DataCollect service port. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
2) Deserialization of Untrusted Data (CVE-ID: CVE-2022-38142)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data within the Device-Gateway service port. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
3) Deserialization of Untrusted Data (CVE-ID: CVE-2022-41779)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
4) Path traversal (CVE-ID: CVE-2022-41657)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to an input validation error when processing directory traversal sequences within the CtrlLayerNWCmd_FileOperation function. A remote attacker can send a specially crafted HTTP request and create arbitrary files on the system, leading to arbitrary code execution.
5) Path traversal (CVE-ID: CVE-2022-41772)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to an input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and execute arbitrary code on the system.
6) Missing Authentication for Critical Function (CVE-ID: CVE-2022-40202)
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists because the database backup function lacks proper authentication within the ExeCommandInCommandLineMode function. A remote attacker can start any new process and execute arbitrary code on the target system.
7) Missing Authentication for Critical Function (CVE-ID: CVE-2022-41688)
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to improper authentication for functions that create and modify user groups. A remote attacker can create a new user and add them to the administrator group.
8) Missing Authentication for Critical Function (CVE-ID: CVE-2022-41644)
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to improper authentication for a function that changes group privileges. A remote user can create a denial of service state or escalate their own privileges.
9) Missing Authentication for Critical Function (CVE-ID: CVE-2022-41776)
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to improper authentication within the WriteConfiguration method. A remote attacker can provide new values for user configuration files and change the administrative passwords.
10) Missing Authentication for Critical Function (CVE-ID: CVE-2022-41629)
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to improper access to the aprunning endpoint. A remote attacker can retrieve any file from the "RunningConfigs" directory and see existing administrative passwords.
Remediation
Install the update from the vendor's website.
References
- https://ics-cert.us-cert.gov/advisories/icsa-22-298-07
- https://www.zerodayinitiative.com/advisories/ZDI-23-086/
- https://www.zerodayinitiative.com/advisories/ZDI-23-085/
- https://www.zerodayinitiative.com/advisories/ZDI-23-084/
- https://www.zerodayinitiative.com/advisories/ZDI-23-082/
- https://www.zerodayinitiative.com/advisories/ZDI-23-083/