Vulnerabilities > CVE-2023-0822 - Files or Directories Accessible to External Parties vulnerability in Deltaww Diaenergie

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

deltaww

CWE-552

NVD

Published: 2023-02-17

Updated: 2023-11-07

Summary

The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality.

Vulnerable Configurations

Part	Description	Count
Application	Deltaww Deltaww Diaenergie - Deltaww Diaenergie 1.7.5 Deltaww Diaenergie 1.08.00 Deltaww Diaenergie 1.8.0 Deltaww Diaenergie 1.8.02.004 Deltaww Diaenergie 1.9.0 Deltaww Diaenergie 1.9.01.001 Deltaww Diaenergie 1.9.01.002	8

Common Weakness Enumeration (CWE)

CWE-552 - Files or Directories Accessible to External Parties

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06