CVE-2023-47279 – Delta Electronics InfraSuite Device Master v1.0... (How to Fix)

Q: What is the severity of CVE-2023-47279?

CVE-2023-47279 has a CVSS score of 7.5 (HIGH). Delta Electronics InfraSuite Device Master v1.0.7 contains a path traversal vulnerability (CWE-22) that allows unauthenticated attackers to access sensitive files via specially crafted UDP packets. This can lead to disclosure of user information, plaintext credentials, or enable NTLM relaying attacks. Organizations using this industrial control system software are affected.

📋 TL;DR

Delta Electronics InfraSuite Device Master v1.0.7 contains a path traversal vulnerability (CWE-22) that allows unauthenticated attackers to access sensitive files via specially crafted UDP packets. This can lead to disclosure of user information, plaintext credentials, or enable NTLM relaying attacks. Organizations using this industrial control system software are affected.

💻 Affected Systems

Products:

Delta Electronics InfraSuite Device Master

Versions: v1.0.7

Operating Systems: Windows-based industrial control systems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems with InfraSuite Device Master installed and accessible via UDP.

📦 What is this software?

Infrasuite Device Master by Deltaww

View all CVEs affecting Infrasuite Device Master →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through credential theft, lateral movement within OT/IT networks, and potential disruption of industrial operations.

🟠

Likely Case

Unauthorized access to sensitive configuration files, user credentials, and system information leading to further reconnaissance and targeted attacks.

🟢

If Mitigated

Limited information disclosure with no direct path to system compromise if proper network segmentation and monitoring are in place.

🌐 Internet-Facing: HIGH - Unauthenticated UDP-based attack requires no credentials and can be performed remotely.

🏢 Internal Only: HIGH - Even internally, the vulnerability allows lateral movement and credential theft without authentication.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Single UDP packet exploitation makes this trivial to weaponize. CISA advisory indicates active exploitation is likely.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.0.8 or later

Vendor Advisory: https://www.deltaww.com/en-US/Services/DownloadCenter

Restart Required: Yes

Instructions:

1. Download latest version from Delta Electronics support portal. 2. Backup configuration. 3. Install update. 4. Restart system. 5. Verify version is v1.0.8+.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate InfraSuite Device Master systems from untrusted networks using firewalls.

UDP Port Restriction

all

Block UDP traffic to InfraSuite Device Master except from authorized management systems.

🧯 If You Can't Patch

Implement strict network segmentation to isolate vulnerable systems
Deploy intrusion detection systems to monitor for UDP-based exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check if InfraSuite Device Master v1.0.7 is installed and listening on UDP ports. Use network scanning tools to identify vulnerable instances.

Check Version:

Check application interface or installed programs list for version information.

Verify Fix Applied:

Verify software version is v1.0.8 or later in application interface or through version check command.

📡 Detection & Monitoring

Log Indicators:

Unexpected UDP packets to InfraSuite Device Master
File access attempts to sensitive paths
Authentication failures following UDP traffic

Network Indicators:

UDP packets with path traversal patterns to InfraSuite ports
Unusual outbound connections following UDP requests

SIEM Query:

source_port:udp AND dest_port:[InfraSuite_ports] AND payload_contains:"..\\" OR payload_contains:"%2e%2e"

📊 Metadata

CVE ID: CVE-2023-47279

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-22

Published: November 30, 2023

Last Updated: April 15, 2025

🔗 References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-01 Third Party Advisory,US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-01 Third Party Advisory,US Government Resource

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-47279, you might also want to check these: