Rewterz Threat Alert – APT-C-23 or AridViper Threat Group – Active IOCs
November 14, 2022Rewterz Threat Advisory – CVE-2022-3408 – WordPress WP Word Count Plugin Vulnerability
November 14, 2022Rewterz Threat Alert – APT-C-23 or AridViper Threat Group – Active IOCs
November 14, 2022Rewterz Threat Advisory – CVE-2022-3408 – WordPress WP Word Count Plugin Vulnerability
November 14, 2022Severity
High
Analysis Summary
CVE-2022-40202 CVSS:9.8
Delta Electronics InfraSuite Device Master could allow a remote attacker to execute arbitrary code on the system, caused by the lack of proper authentication. By sending specially crafted serialized objects which, when deserialized, could activate an opcode for a backup scheduling function without authentication, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-41644 CVSS:9.8
Delta Electronics InfraSuite Device Master could allow a remote authenticated attacker gain elevated privileges on the system, caused by the lack of authentication for a function that changes group privileges. An attacker could exploit this vulnerability to create a denial-of-service state or escalate their own privileges.
Impact
- Code Execution
- Privilege Escalatiton
Indicators Of Compromise
CVE
- CVE-2022-40202
- CVE-2022-41644
Affected Vendors
Delta Electronics
Affected Products
- Delta Electronics InfraSuite Device Master 00.00.01a
Remediation
Refer to Siemens Security Advisory for patch, upgrade or suggested workaround information.