Delta Electronics fixes a critical flaw in its InfraSuite Device Master
Take action: If you are running InfraSuite Device Master software in your environment, make sure it's isolated from the internet and accessible only from trusted networks. Then plan a patch, don't ignore this flaw.
Learn More
Delta Electronics has addressed a critical vulnerability in its InfraSuite Device Master, a real-time device monitoring software.
Delta Electronics InfraSuite Device Master is a software solution designed for real-time monitoring and management of critical infrastructure in data centers, enabling users to track the status of devices, manage events, and take corrective actions across multiple sites
The vulnerability, tracked as CVE-2024-10456 (CVSS score 9.8), allows unauthenticated remote code execution due to deserialization of untrusted or arbitrary .NET objects before authentication. If successfully exploited, this vulnerability could allow attackers to execute arbitrary code remotely.
Affected Product is InfraSuite Device Master versions 1.0.12 and earlier
Delta Electronics has released version 1.0.13 in October 2024 (direct download link to file), which fixes this vulnerability. Users are strongly advised to upgrade to this version or later.
Users are also advised to use firewalls to isolate control networks from business networks and implement secure remote access methods, such as VPNs, while keeping them up to date.
