Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-1142PUBLISHED: 2023-03-27In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation.
CVE-2023-1143PUBLISHED: 2023-03-27In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code.
CVE-2023-1144PUBLISHED: 2023-03-27Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation.
CVE-2023-1145PUBLISHED: 2023-03-27Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.
CVE-2023-1655PUBLISHED: 2023-03-27Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0.
User Rank: Ninja
7/2/2019 | 12:50:31 PM
One question I have, will they be fined by GDPR and will this be reported. The last few days I have read about Ransomware attacks and organizations being attacked. There was a report submitted by DarkReading that state the report for 2019 took a deep drop in Ransomeware findings. I think the report has not been completed and thus the low number is indicative of lack of information, only time will tell what happens to this endeavor and will the US start pushing those sanctions and penalities like other countries are doing (Facebook, Google and Microsoft).
Other situations where individuals should be fired from the Ransomware attacks are as follows:
Only time will tell.
T