Improper Authorization
CVE-2023-0822

8.8HIGH

Key Information:

Vendor: Delta Electronics
Status: Diaenergie
Vendor: CVE Published:; 17 February 2023

Summary

DIAEnergie prior to version 1.9.03.001 is susceptible to improper authorization, enabling unauthorized users to bypass security measures and gain access to sensitive features. This vulnerability poses significant risks to the confidentiality and integrity of the system, as malicious entities may exploit it to manipulate or extract privileged information.

Affected Version(s)

DIAEnergie 0

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 17, 2023
Vulnerability Reserved
Feb 14, 2023

Credit

Michael Heinzl reported these vulnerabilities to CISA.