{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T14:36:22.651","vulnerabilities":[{"cve":{"id":"CVE-2022-41688","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2022-10-31T20:15:13.527","lastModified":"2024-11-21T07:23:39.087","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"\nDelta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authentication to create a new user and add them to the administrator group.\n\n"},{"lang":"es","value":"Las versiones 00.00.01a y anteriores de Delta Electronics InfraSuite Device Master carecen de autenticación adecuada para las funciones que crean y modifican grupos de usuarios. Un atacante podría proporcionar objetos serializados maliciosos que podrían ejecutar estas funciones sin autenticación para crear un nuevo usuario y agregarlo al grupo de administradores.\n"}],"metrics":{"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:deltaww:infrasuite_device_master:*:*:*:*:*:*:*:*","versionEndExcluding":"00.00.02a","matchCriteriaId":"0BC08CDF-4EE4-4E6D-AFF0-A4749A91A05D"}]}]}],"references":[{"url":"https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-07","source":"ics-cert@hq.dhs.gov","tags":["Patch","Third Party Advisory","US Government Resource"]},{"url":"https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-07","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","US Government Resource"]}]}}]}