9.8
CVE-2023-34347
- EPSS 0.83%
- Veröffentlicht 10.07.2023 19:15:09
- Zuletzt bearbeitet 21.11.2024 08:07:03
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginDelta Electronics InfraSuite Device Master Deserialization of Untrusted Data
Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contains classes that cannot be deserialized, which could allow an attack to remotely execute arbitrary code.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Deltaww ≫ Infrasuite Device Master Version < 1.0.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.83% | 0.529 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| ics-cert@hq.dhs.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-01