Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-1142
PUBLISHED: 2023-03-27
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation.

CVE-2023-1143
PUBLISHED: 2023-03-27
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code.

CVE-2023-1144
PUBLISHED: 2023-03-27
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation.

CVE-2023-1145
PUBLISHED: 2023-03-27
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.

CVE-2023-1655
PUBLISHED: 2023-03-27
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0.
User Rank: Ninja
2/26/2015 | 9:38:53 AM
"Still though: if they sue a third party for doing a lousy job of securing data, they might be able to make a civil case out of it and win cash. But attribution -- learning who the attackers are -- will only lead to a criminal case, won't it? And the breached company isn't going to make any cash off of that, will they?"
Seriously! Look at the Anthem, Sony and Target breaches... who are they going to sue? From what we do know, every one of them was at the very least borderline negligent, doing only the very minimum to meet requirements, ignoring or flat out dismissing warnings and examples of how other companies were successfully attacked.
It's way too easy to blame an attacker for breaking into your network and stealing whatever is available, but it's much harder to hold your own feet to the fire... and keep the shareholders happy.