OTPulse
FeedAboutContact

Delta Electronics InfraSuite Device Master

Act Now9.8ICS-CERT ICSA-24-303-03Oct 29, 2024
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

InfraSuite Device Master versions 1.0.12 and earlier contain an unsafe deserialization vulnerability (CWE-502) that allows an unauthenticated attacker to remotely execute arbitrary code. The vulnerability is triggered when the service processes untrusted input without proper validation, enabling code injection. Delta Electronics released a fix in version 1.0.13 (October 2024).

What this means
What could happen
An unauthenticated attacker with network access to InfraSuite Device Master could execute arbitrary code on the device, potentially allowing them to modify device configurations, control settings, or disrupt monitoring and management functions across connected infrastructure.
Who's at risk
Water utilities and electric utilities should prioritize this. Any organization running Delta InfraSuite Device Master (used for centralized infrastructure device monitoring and management) needs to assess exposure. The Device Master is typically a network-facing management server, so it is of concern if it has direct internet access or is accessible from untrusted networks.
How it could be exploited
An attacker on the network (or internet if the device is exposed) sends a malicious request to InfraSuite Device Master. The vulnerable service accepts the request without authentication and deserializes untrusted data (CWE-502), allowing the attacker to execute arbitrary code with the privileges of the Device Master process.
Prerequisites
  • Network access to InfraSuite Device Master (port and protocol unspecified, but remotely accessible)
  • No authentication required
  • Device running vulnerable version 1.0.12 or earlier
Remotely exploitableNo authentication requiredLow complexity attackCritical CVSS score (9.8)Unsafe deserialization (CWE-502)
Exploitability
Moderate exploit probability (EPSS 1.5%)
Affected products (1)
ProductAffected VersionsFix Status
InfraSuite Device Master: <=1.0.12≤ 1.0.121.0.13
Remediation & Mitigation
0/4
Do now
0/3
HARDENINGRestrict network access to InfraSuite Device Master by placing it behind a firewall and denying internet-facing access
HARDENINGIsolate the Device Master and connected infrastructure devices from business networks using network segmentation
HARDENINGIf remote access to Device Master is required, use a VPN with current security updates
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate InfraSuite Device Master to version 1.0.13 or later
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/faef29e3-a6f5-4597-a93c-c8d227f9e61f