CVE-2024-10456 CRITICAL

CVE-2024-10456: Delta Electronics InfraSuite Device Master Deserialization of Untrusted Data

Vendor Delta Electronics
Product InfraSuite Device Master
Weakness CWE-502 · Unsafe deserialization
Published October 30, 2024
Last update October 30, 2024
View on NVD All CVEs

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are affected by a deserialization vulnerability that targets the Device-Gateway, which could allow deserialization of arbitrary .NET objects prior to authentication.

Key dates

02Disclosure timeline

October 30, 2024 CVE published
October 30, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-22369 Apache Camel: Camel-SQL: Unsafe Deserialization from JDBCAggregationRepository CVE-2026-1839 Arbitrary Code Execution via Unsafe torch.load() in Trainer Checkpoint Loading in huggingface/transformers CVE-2024-30227 WordPress Geo Controller plugin <= 8.6.4 - PHP Object Injection vulnerability CVE-2022-4890 abhilash1985 PredictApp Cookie new_framework_defaults_7_0.rb deserialization CVE-2025-22510 WordPress WC Price History for Omnibus plugin <= 2.1.4 - PHP Object Injection vulnerability