Delta Electronics InfraSuite Device Master

Act Now | CVSS 9.8 | ICS-CERT ICSA-24-130-03 | May 9, 2024
Delta Electronics
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Delta Electronics InfraSuite Device Master versions 1.0.10 and earlier contain an unsafe deserialization vulnerability (CWE-502) that allows remote code execution. An attacker with network access can exploit this flaw without authentication to run arbitrary commands. The vulnerability affects the central infrastructure management platform that monitors and controls distributed SCADA and automation devices.

What this means
What could happen
An attacker could execute arbitrary code on the Device Master, potentially compromising the entire infrastructure management platform and all connected devices or systems it controls.
Who's at risk
Water utilities and electric utilities using Delta Electronics InfraSuite Device Master for infrastructure management should prioritize this immediately. The Device Master is a centralized control platform; compromise could affect all connected SCADA systems, PLCs, and remote terminal units (RTUs) that it manages.
How it could be exploited
An attacker with network access to the Device Master can send a malicious request that exploits unsafe deserialization (CWE-502) to execute code remotely without authentication. No user interaction is required.
Prerequisites
  • Network access to the Device Master on its listening port
  • No authentication or credentials required
Tags: remotely exploitable, no authentication required, low complexity, actively exploited (KEV), very high EPSS score (94.4%), affects infrastructure management platform
Exploitability
  • Actively exploited: confirmed by CISA KEV
  • Metasploit module available (weaponized exploit)
  • Public Proof-of-Concept (PoC) on GitHub (10 repositories)
Affected products (1)
Product                     Affected Versions    Fix Status
InfraSuite Device Master    ≤ 1.0.10             1.0.11+
Remediation & Mitigation
Do now
  • HOTFIX: Update Delta Electronics InfraSuite Device Master to version 1.0.11 or later
  • HARDENING: Isolate the Device Master from the internet and business networks; place it behind a firewall
  • WORKAROUND: Restrict network access to the Device Master to only authorized engineering and operations personnel; use VPN with strong authentication if remote access is required
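To track the three remediation items above across a fleet, the following added example (not part of the advisory or any Delta Electronics tooling) checks each Device Master record against the fixed version and its firewall allow-list. The inventory fields, host names, and network ranges are hypothetical and constructed for illustration.

```python
import ipaddress

FIXED = (1, 0, 11)  # first fixed release per the advisory

def is_patched(version):
    """True only for a well-formed x.y.z version at or above 1.0.11."""
    try:
        parts = tuple(int(p) for p in version.strip().split("."))
    except ValueError:
        return False  # unparseable version: treat as unpatched
    return len(parts) == 3 and parts >= FIXED

def open_items(host, ot_zone, approved):
    """Return the advisory's remediation labels still outstanding for one host."""
    ot = [ipaddress.ip_network(n) for n in ot_zone]
    ok = [ipaddress.ip_network(n) for n in approved]
    sources = [ipaddress.ip_network(s) for s in host["allowed_sources"]]
    items = []
    if not is_patched(host["version"]):
        items.append("HOTFIX")
    # HARDENING: a permitted source lies outside the OT zone and the approved
    # ranges, i.e. the internet or a business network can reach the host.
    if any(not any(s.subnet_of(z) for z in ot + ok) for s in sources):
        items.append("HARDENING")
    # WORKAROUND: a permitted source is broader than the approved
    # engineering/operations stations and VPN pool.
    if any(not any(s.subnet_of(a) for a in ok) for s in sources):
        items.append("WORKAROUND")
    return items

# Constructed sample data: RFC 1918 ranges and hypothetical host names.
OT_ZONE = ["10.20.0.0/16"]
APPROVED = ["10.20.5.10/32", "10.99.0.0/24"]  # engineering workstation, VPN pool
INVENTORY = [
    {"name": "dm-plant-a", "version": "1.0.10", "allowed_sources": ["0.0.0.0/0"]},
    {"name": "dm-plant-b", "version": "1.0.11", "allowed_sources": ["10.20.0.0/16"]},
    {"name": "dm-plant-c", "version": "1.0.12",
     "allowed_sources": ["10.20.5.10/32", "10.99.0.0/24"]},
]

def audit(inventory=INVENTORY):
    """Map each host name to its list of open remediation items."""
    return {h["name"]: open_items(h, OT_ZONE, APPROVED) for h in inventory}

if __name__ == "__main__":
    for name, items in audit().items():
        print(name, items or "no open items")
```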