March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Alert – APT-C-23 or AridViper Threat Group – Active IOCs
November 14, 2022
Rewterz Threat Advisory – CVE-2022-3408 – WordPress WP Word Count Plugin Vulnerability
November 14, 2022
Rewterz Threat Alert – APT-C-23 or AridViper Threat Group – Active IOCs
November 14, 2022
Rewterz Threat Advisory – CVE-2022-3408 – WordPress WP Word Count Plugin Vulnerability
November 14, 2022
Severity
High
Analysis Summary
CVE-2022-40202 CVSS:9.8
Delta Electronics InfraSuite Device Master could allow a remote attacker to execute arbitrary code on the system, caused by the lack of proper authentication. By sending specially crafted serialized objects which, when deserialized, could activate an opcode for a backup scheduling function without authentication, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-41644 CVSS:9.8
Delta Electronics InfraSuite Device Master could allow a remote authenticated attacker gain elevated privileges on the system, caused by the lack of authentication for a function that changes group privileges. An attacker could exploit this vulnerability to create a denial-of-service state or escalate their own privileges.
Impact
- Code Execution
- Privilege Escalatiton
Indicators Of Compromise
CVE
- CVE-2022-40202
- CVE-2022-41644
Affected Vendors
Delta Electronics
Affected Products
- Delta Electronics InfraSuite Device Master 00.00.01a
Remediation
Refer to Siemens Security Advisory for patch, upgrade or suggested workaround information.