What is the severity of CVE-2024-10456?

CVE-2024-10456 has a medium severity due to the potential for deserialization of arbitrary .NET objects.

How do I fix CVE-2024-10456?

To fix CVE-2024-10456, upgrade Delta Electronics InfraSuite Device Master to version 1.0.12 or later.

What versions of Delta Electronics InfraSuite Device Master are affected by CVE-2024-10456?

All versions prior to 1.0.12 of Delta Electronics InfraSuite Device Master are affected by CVE-2024-10456.

What type of vulnerability is CVE-2024-10456?

CVE-2024-10456 is a deserialization vulnerability that specifically targets the Device-Gateway.

What are the implications of CVE-2024-10456 if exploited?

If CVE-2024-10456 is exploited, an attacker could potentially execute arbitrary code through deserialization prior to authentication.

Vulnerability/
CVE-2024-10456

critical

9.8

CWE

502

30/10/2024

1/11/2024

CVE-2024-10456: Delta Electronics InfraSuite Device Master Deserialization of Untrusted Data

First published: Wed Oct 30 2024(Updated: )

Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are affected by a deserialization vulnerability that targets the Device-Gateway, which could allow deserialization of arbitrary .NET objects prior to authentication.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Delta Electronics InfraSuite Device Master	<1.0.12

Remedy

Delta Electronics states that this issue was fixed by version 1.0.13 released in October 2024. Delta recommends updating to version 1.0.13 https://datacenter-softwarecenter.deltaww.com/Download/UPS/Software/InfraSuite_Device_Master_1.0.13.exe or later.

Never miss a vulnerability like this again

Reference Links

https://www.cisa.gov/news-events/ics-advisories/icsa-24-303-03

Frequently Asked Questions

What is the severity of CVE-2024-10456?
CVE-2024-10456 has a medium severity due to the potential for deserialization of arbitrary .NET objects.
How do I fix CVE-2024-10456?
To fix CVE-2024-10456, upgrade Delta Electronics InfraSuite Device Master to version 1.0.12 or later.
What versions of Delta Electronics InfraSuite Device Master are affected by CVE-2024-10456?
All versions prior to 1.0.12 of Delta Electronics InfraSuite Device Master are affected by CVE-2024-10456.
What type of vulnerability is CVE-2024-10456?
CVE-2024-10456 is a deserialization vulnerability that specifically targets the Device-Gateway.
What are the implications of CVE-2024-10456 if exploited?
If CVE-2024-10456 is exploited, an attacker could potentially execute arbitrary code through deserialization prior to authentication.

agent/weakness
agent/references
agent/title
agent/remedy
agent/description
agent/type
agent/first-publish-date
agent/severity
agent/author
agent/event
collector/nvd-api
source/NVD
agent/last-modified-date
collector/mitre-cve
source/MITRE
agent/source
agent/tags
agent/softwarecombine
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.