CVE-2023-0822
Published 2023-02-17
Priority: P3 · 53 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.63% (45.8th percentile)
The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| delta_electronics | diaenergie | < v1.9.03.001 | v1.9.03.001 |
| deltaww | diaenergie | < 1.9.03.001 | 1.9.03.001 |
GHSA
GHSA-cggm-hmmc-252c: The affected product DIAEnergie (versions prior to v1
ghsa_unreviewed·2023-02-17
CVE-2023-0822 [HIGH] CWE-285 GHSA-cggm-hmmc-252c: The affected product DIAEnergie (versions prior to v1
CISA ICS
Delta Electronics DIAEnergie (Update B)
cisa_ics·2022-11-10·CVSS 8.7
[HIGH] Delta Electronics DIAEnergie (Update B)
ICS Advisory
## Delta Electronics DIAEnergie (Update B)
Last Revised: February 16, 2023
Alert Code: ICSA-22-298-06
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Delta Electronics
- Equipment: DIAEnergie
--------- Begin Update B part 1 of 5 ---------
- Vulnerabilities: Cross-site Scripting, SQL Injection, Authorization Bypass
--------- End Update B part 1 of 5 ---------
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-22-298-06 Delta Electronics DIAEnergie (Update A) that was published November 10, 2022, to the ICS webpage at www.cisa.gov/ics.
## 3. RISK EVALUATION
--------- Begin Update B part 2 of 5 ---------
Successful exploitation of these vulnera
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-02-17
Published