Delta Electronics InfraSuite Device Master

Act Now9.8ICS-CERT ICSA-23-080-02Mar 29, 2023

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain multiple vulnerabilities in authentication, access control, file handling, and code injection (CWE-502, CWE-284, CWE-749, CWE-22, CWE-287, CWE-77, CWE-732, CWE-306). An unauthenticated attacker with network access can obtain files and credentials, escalate privileges, and execute arbitrary code on the management platform. The vendor has released version 1.0.5 as a fix.

What this means

What could happen

An unauthenticated attacker with network access to InfraSuite Device Master could read sensitive files and stored credentials, escalate to full system control, and execute arbitrary commands on the device. This could allow an attacker to manipulate configuration, disable monitoring, or disrupt operations depending on what systems Device Master manages.

Who's at risk

This affects organizations running Delta Electronics InfraSuite Device Master as a management platform for control systems. Site managers, utilities, and manufacturers using Device Master for remote monitoring or configuration of PLCs, drives, and industrial equipment should prioritize this update. Device Master typically runs on engineering workstations or control system servers.

How it could be exploited

An attacker on the network sends requests to the unpatched Device Master without credentials. The vulnerabilities allow reading files (including credential stores), bypassing access controls, and executing arbitrary code remotely. Once code execution is achieved, the attacker has full control of the management platform.

Prerequisites

Network reachability to InfraSuite Device Master
No authentication required
Vulnerable version < 1.0.5

Remotely exploitableNo authentication requiredLow complexity attackHigh EPSS score (86.1%)Allows arbitrary code executionAllows credential accessAffects management platform for control systems

Exploitability

High exploit probability (EPSS 86.1%)

Affected products (1)

ProductAffected VersionsFix Status

InfraSuite Device Master:< 1.0.51.0.5

Remediation & Mitigation

0/5

Do now

0/2

WORKAROUNDRestrict network access to InfraSuite Device Master by placing it behind a firewall and isolating it from the business network until patching is complete

HARDENINGReview and rotate any credentials that may have been stored or readable by Device Master

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUninstall InfraSuite Device Master versions < 1.0.5 and reinstall version 1.0.5 using the official installer

Long-term hardening

0/2

HARDENINGSegment control system networks from business networks and ensure Device Master is not reachable from the Internet

HARDENINGIf remote access to Device Master is required, use a VPN with current security patches; verify the VPN itself is up to date

CVEs (13)

CVE-2023-1133 CVE-2023-1139 CVE-2023-1145 CVE-2023-1138 CVE-2023-1144 CVE-2023-1137 CVE-2023-1143 CVE-2023-1134 CVE-2023-1142 CVE-2023-1136 CVE-2023-1141 CVE-2023-1135 CVE-2023-1140

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/cd66da71-82be-4038-8e2c-4c9135bf4ecb