exploitDog

CVE-2022-41776

Опубликовано: 31 окт. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to trigger the WriteConfiguration method, which could allow an attacker to provide new values for user configuration files such as UserListInfo.xml. This could lead to the changing of administrative passwords.

Ссылки

https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-07
Patch
Third Party Advisory
US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-07
Patch
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:deltaww:infrasuite_device_master:*:*:*:*:*:*:*:*

Версия до 00.00.02a (исключая)

EPSS

Процентиль: 58%

0.00371

Низкий

7.5 High

CVSS3

Дефекты

CWE-306

Связанные уязвимости

GHSA-6q8f-5hrg-whhc

CVSS3: 7.5

github

больше 3 лет назад

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to trigger the WriteConfiguration method, which could allow an attacker to provide new values for user configuration files such as UserListInfo.xml. This could lead to the changing of administrative passwords.

EPSS

Процентиль: 58%

0.00371

Низкий

7.5 High

CVSS3

Дефекты

CWE-306