Delta Electronics InfraSuite Device Master

Act Now9.8ICS-CERT ICSA-22-298-07Oct 25, 2022

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

InfraSuite Device Master versions up to 1.0.3 contain multiple critical vulnerabilities (improper deserialization, path traversal, missing authentication) that allow unauthenticated remote attackers to execute arbitrary code with local administrator privileges, delete files, or change group privileges. The affected versions are InfraSuite Device Master <= 00.00.01a and < 1.0.3.

What this means

What could happen

An unauthenticated attacker on your network could run arbitrary commands on the Device Master with administrator privileges, read or modify any file on the system, or crash the service by deleting critical files. This could disrupt remote monitoring and control of your distributed infrastructure devices across your network.

Who's at risk

Water authorities and electric utilities that use Delta InfraSuite Device Master to monitor and manage remote devices (RTUs, substations, pump stations, treatment plants) across distributed networks. This affects any facility using Device Master as the central management point.

How it could be exploited

An attacker with network access to the Device Master's listening port can send unauthenticated requests that exploit deserialization or path traversal flaws to execute code, delete files, or escalate privileges—no credentials or user interaction required.

Prerequisites

Network access to InfraSuite Device Master (port and protocol unspecified in advisory)
No authentication required
Vulnerable version <= 1.0.3 must be running

Remotely exploitableNo authentication requiredLow complexity attackHigh CVSS score (9.8)Affects management/control systemsNo patch available for some versions

Exploitability

Moderate exploit probability (EPSS 4.0%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

InfraSuite Device Master -≤ 00.00.01a1.0.3

InfraSuite Device Master:< 1.0.31.0.3

Remediation & Mitigation

0/4

Do now

0/3

HARDENINGIsolate InfraSuite Device Master and all connected infrastructure devices behind firewall rules; block network access from internet and untrusted networks

HARDENINGIf remote access to the device is required, route all connections through a VPN with current patches applied

HARDENINGEnsure device is not directly accessible from the internet or business network; segment to a dedicated control system network

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUninstall InfraSuite Device Master and reinstall Version 1.0.3 or later using the official installer

CVEs (10)

CVE-2022-41778 CVE-2022-38142 CVE-2022-41779 CVE-2022-41657 CVE-2022-41772 CVE-2022-40202 CVE-2022-41688 CVE-2022-41644 CVE-2022-41776 CVE-2022-41629

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/4f5f3ab5-6f71-45a0-bc43-22bf59527320