December 11, 2023 at 07:48AM
Critical vulnerabilities in Delta Electronics’ InfraSuite Device Master, a data center facility monitoring software, were disclosed by CISA and ZDI. The flaws, which include remote code execution and the ability to obtain plaintext credentials, can be exploited by attackers to hide destructive activities from employees and gain administrative privileges. These vulnerabilities have reportedly been targeted by malicious actors.
The critical vulnerabilities found in Delta Electronics’ InfraSuite Device Master, an operational technology (OT) monitoring product, could allow hackers to conceal destructive activities from employees within targeted organizations. The vulnerabilities were disclosed by the US cybersecurity agency CISA and Trend Micro’s Zero Day Initiative and are described as exploitable for remote code execution and for obtaining sensitive information. One critical vulnerability, tracked as CVE-2023-47207, could be exploited from the internet, granting an attacker administrative access to the system. This access could be used to hide important alerts from operators and to target OT systems within an enterprise environment for potential disruption or damage. It has been noted that malicious actors have already targeted these vulnerabilities, making it crucial for Delta Electronics to address these security risks promptly.