Sign-up

ID

VAR-202302-1475


CVE

CVE-2023-0822


TITLE

Delta Electronics, INC.  of  DIAEnergie  Vulnerability in externally accessible files or directories in

Trust: 0.8

sources: JVNDB: JVNDB-2023-004268

DESCRIPTION

The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality. Delta Electronics, INC. of DIAEnergie Exists in a vulnerability in externally accessible files or directories.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-0822 // JVNDB: JVNDB-2023-004268 // VULMON: CVE-2023-0822

AFFECTED PRODUCTS

vendor:deltawwmodel:diaenergiescope:ltversion:1.9.03.001

Trust: 1.0

vendor:deltamodel:diaenergiescope:eqversion:1.9.03.001

Trust: 0.8

vendor:deltamodel:diaenergiescope: - version: -

Trust: 0.8

vendor:deltamodel:diaenergiescope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-004268 // NVD: CVE-2023-0822

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-0822
value: HIGH

Trust: 1.8

ics-cert@hq.dhs.gov: CVE-2023-0822
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202302-1537
value: HIGH

Trust: 0.6

NVD:
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2023-0822
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-004268 // NVD: CVE-2023-0822 // NVD: CVE-2023-0822 // CNNVD: CNNVD-202302-1537

PROBLEMTYPE DATA

problemtype:CWE-552

Trust: 1.0

problemtype:Externally accessible file or directory (CWE-552) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-004268 // NVD: CVE-2023-0822

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-1537

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202302-1537

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2023-0822

PATCH
title:Delta Electronics DIAEnergie Remediation measures for authorization problem vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=227117
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202302-1537

EXTERNAL IDS
db:NVDid:CVE-2023-0822
Trust: 3.3
db:ICS CERTid:ICSA-22-298-06
Trust: 2.5
db:JVNid:JVNVU91874962
Trust: 0.8
db:JVNDBid:JVNDB-2023-004268
Trust: 0.8
db:CNNVDid:CNNVD-202302-1537
Trust: 0.6
db:VULMONid:CVE-2023-0822
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-0822 // 
            
            
            
            JVNDB: JVNDB-2023-004268 // 
            
            
            
            NVD: CVE-2023-0822 // 
            
            
            
            CNNVD: CNNVD-202302-1537

REFERENCES
url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06
Trust: 2.5
url:https://jvn.jp/vu/jvnvu91874962/
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2023-0822
Trust: 0.8
url:https://cxsecurity.com/cveshow/cve-2023-0822/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/285.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-0822 // 
            
            
            
            JVNDB: JVNDB-2023-004268 // 
            
            
            
            NVD: CVE-2023-0822 // 
            
            
            
            CNNVD: CNNVD-202302-1537

SOURCES
db:VULMONid:CVE-2023-0822
db:JVNDBid:JVNDB-2023-004268
db:NVDid:CVE-2023-0822
db:CNNVDid:CNNVD-202302-1537

LAST UPDATE DATE
2023-12-18T11:55:27.458000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2023-0822date:2023-02-17T00:00:00
db:JVNDBid:JVNDB-2023-004268date:2023-10-27T05:01:00
db:NVDid:CVE-2023-0822date:2023-11-07T04:01:31.900
db:CNNVDid:CNNVD-202302-1537date:2023-03-01T00:00:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2023-0822date:2023-02-17T00:00:00
db:JVNDBid:JVNDB-2023-004268date:2023-10-27T00:00:00
db:NVDid:CVE-2023-0822date:2023-02-17T17:15:11.570
db:CNNVDid:CNNVD-202302-1537date:2023-02-17T00:00:00