Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are affected by a deserialization vulnerability that targets the Device-Gateway, which could allow deserialization of arbitrary .NET objects prior to authentication.
Fixes

Solution

Delta Electronics states that this issue was fixed by version 1.0.13 released in October 2024. Delta recommends updating to version 1.0.13 (https://datacenter-softwarecenter.deltaww.com/Download/UPS/Software/InfraSuite_Device_Master_1.0.13.exe) or later.


Workaround

No workaround given by the vendor.

History

Wed, 16 Jul 2025 13:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | epss {'score': 0.00143} | epss {'score': 0.00145} |


Wed, 30 Oct 2024 19:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Deltaww, Deltaww infrasuite Device Master |
| CPEs | | cpe:2.3:a:deltaww:infrasuite_device_master:*:*:*:*:*:*:*:* |
| Vendors & Products | | Deltaww, Deltaww infrasuite Device Master |
| Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Wed, 30 Oct 2024 18:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are affected by a deserialization vulnerability that targets the Device-Gateway, which could allow deserialization of arbitrary .NET objects prior to authentication. |
| Title | | Delta Electronics InfraSuite Device Master Deserialization of Untrusted Data |
| Weaknesses | | CWE-502 |
| References | | |
| Metrics | | cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'} |
| | | cvssV4_0 {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2024-10-30T18:15:45.431Z

Reserved: 2024-10-28T14:05:02.628Z

Link: CVE-2024-10456

Vulnrichment

Updated: 2024-10-30T18:15:40.044Z

NVD

Status: Awaiting Analysis

Published: 2024-10-30T18:15:05.123

Modified: 2024-11-01T12:57:03.417

Link: CVE-2024-10456

Redhat

No data.

OpenCVE Enrichment

No data.