CVE-2023-0822

Severity: High
Published: 17 February 2023
Modified: 21 November 2024
KEV Added: not listed (not in the CISA KEV catalog)
Patch: fixed in DIAEnergie v1.9.03.001
CVSS v3.1: 8.8 (High), CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.0022 (44.9th percentile)
Risk Priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-0822 is a high-severity Improper Authorization (CWE-285) vulnerability in Delta Electronics DIAEnergie (CPE vendor deltaww, product diaenergie). Its CVSS v3.1 base score is 8.8 (High). The vector describes a network-reachable flaw (AV:N) that needs only low-privileged access (PR:L), no user interaction (UI:N) and low attack complexity (AC:L), with high impact on confidentiality, integrity and availability of the affected component.

Operationally, its EPSS score of 0.0022 ranks it at the 44.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality. Read together with the CVSS vector (PR:L), the practical exposure is that a user who is authenticated but not entitled to a privileged function can still invoke it; the fix is to upgrade to v1.9.03.001 or later.
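To make the weakness class concrete, the following is an added illustration (not DIAEnergie code, and not taken from the advisory) of the CWE-285 pattern the description names: a handler that authenticates the caller but never authorizes the requested function, next to a hardened version that enforces a server-side role check. Routes, roles, the session model and the role ranking are all hypothetical.

```python
"""Added example for CVE-2023-0822's weakness class (CWE-285). All routes,
roles and session fields below are constructed for illustration; none of
this is DIAEnergie's code."""
from dataclasses import dataclass, field
from typing import Optional, Tuple


@dataclass
class Session:
    user: str
    role: str  # hypothetical roles: "viewer", "operator", "admin"


@dataclass
class Request:
    path: str
    session: Optional[Session] = None
    params: dict = field(default_factory=dict)


# Hypothetical privileged routes and the minimum role each one requires.
PRIVILEGED = {
    "/admin/users/create": "admin",
    "/admin/config/export": "admin",
    "/reports/view": "viewer",
}
# Role ordering; an unknown role gets rank 0 so it is denied by default.
ROLE_RANK = {"viewer": 1, "operator": 2, "admin": 3}


def handle_vulnerable(req: Request) -> Tuple[int, str]:
    """Vulnerable pattern: the only gate is 'is there a session?'.
    Any logged-in user, including a low-privileged one (CVSS PR:L),
    reaches every privileged route."""
    if req.session is None:
        return 401, "login required"
    if req.path not in PRIVILEGED:
        return 404, "not found"
    return 200, f"{req.path} executed as {req.session.user}"


def handle_trusts_client(req: Request) -> Tuple[int, str]:
    """A common half-fix that is still vulnerable: the role is read from a
    client-supplied parameter instead of the server-side session, so the
    caller can simply claim role=admin."""
    if req.session is None:
        return 401, "login required"
    required = PRIVILEGED.get(req.path)
    if required is None:
        return 404, "not found"
    claimed = req.params.get("role", req.session.role)
    if ROLE_RANK.get(claimed, 0) < ROLE_RANK[required]:
        return 403, "forbidden"
    return 200, f"{req.path} executed as {req.session.user}"


def handle_fixed(req: Request) -> Tuple[int, str]:
    """Hardened pattern: every privileged route carries a required role and
    the check compares it against the role bound to the server-side session.
    Nothing the client sends can raise its own rank."""
    if req.session is None:
        return 401, "login required"
    required = PRIVILEGED.get(req.path)
    if required is None:
        return 404, "not found"
    if ROLE_RANK.get(req.session.role, 0) < ROLE_RANK[required]:
        return 403, "forbidden"
    return 200, f"{req.path} executed as {req.session.user}"


if __name__ == "__main__":
    viewer = Session("alice", "viewer")
    target = "/admin/users/create"
    print("vulnerable :", handle_vulnerable(Request(target, viewer)))
    print("trusts role:", handle_trusts_client(Request(target, viewer, {"role": "admin"})))
    print("fixed      :", handle_fixed(Request(target, viewer, {"role": "admin"})))
```

The three handlers differ only in where the decision is taken: the first never takes it, the second takes it on attacker-controlled input, and the third takes it on state the server established at login. Detection logic for this class follows the same split: a 200 on an admin route for a session whose role is below the route's requirement is the signal to alert on.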

CWE(s)

CWE-285 (Improper Authorization), as named in the summary. The control mapping below also cites CWE-552 (Files or Directories Accessible to External Parties).
Related Threats

No named threat actor has been attributed to this CVE, and its ATT&CK technique mapping is still in progress.

Affected Assets

Vendor: deltaww (Delta Electronics)
Product: diaenergie (DIAEnergie)
Versions: < 1.9.03.001 (all versions prior to v1.9.03.001; v1.9.03.001 itself is the fixed release and is not affected)
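When checking an inventory against this range, the boundary matters: v1.9.03.001 is the fixed release, so the test is strictly less than, and the zero-padded segments must be compared numerically rather than as strings. The following is an added helper (not part of this page's tooling or the vendor's) that parses DIAEnergie-style version strings and applies the exclusive upper bound; the inventory entries are constructed sample data.

```python
"""Added example: affected-version check for CVE-2023-0822.
Inventory rows below are constructed sample data, not real hosts."""
import re
from typing import List, Tuple

_VERSION_RE = re.compile(r"\d+(\.\d+)*")


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn 'v1.9.03.001' into (1, 9, 3, 1).
    A leading 'v' and zero padding are dropped so each segment compares
    as an integer; malformed input raises rather than silently comparing."""
    v = v.strip().lstrip("vV")
    if not _VERSION_RE.fullmatch(v):
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(int(p) for p in v.split("."))


# Fixed release per the advisory text: versions prior to this are affected.
FIXED_IN = parse_version("1.9.03.001")


def is_affected(installed: str) -> bool:
    """Exclusive upper bound: < 1.9.03.001 is affected, 1.9.03.001 is not.
    Tuple comparison also handles a shorter string such as '1.9.03',
    which sorts below (1, 9, 3, 1) and is therefore affected."""
    return parse_version(installed) < FIXED_IN


def naive_string_affected(installed: str) -> bool:
    """The pitfall: lexicographic comparison. Kept only to show why it
    misclassifies versions with a larger segment such as '1.10.00.000'."""
    return installed.strip().lstrip("vV") < "1.9.03.001"


# Constructed inventory: (hostname, reported DIAEnergie version).
INVENTORY: List[Tuple[str, str]] = [
    ("hist-01", "v1.9.02.007"),
    ("hist-02", "1.9.03.001"),
    ("hist-03", "1.10.00.000"),
    ("hist-04", "1.9.03"),
]


def affected_hosts(inventory: List[Tuple[str, str]] = INVENTORY) -> List[str]:
    """Hostnames whose reported version falls inside the affected range."""
    return [host for host, ver in inventory if is_affected(ver)]


if __name__ == "__main__":
    for host, ver in INVENTORY:
        print(f"{host:8} {ver:12} affected={is_affected(ver)} "
              f"string-compare says={naive_string_affected(ver)}")
    print("needs upgrade:", affected_hosts())
```

On the constructed inventory, hist-01 and hist-04 need the upgrade, hist-02 is already on the fixed release, and hist-03 is newer; the string comparison wrongly flags hist-03 because "1.10" sorts before "1.9" character by character.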

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry, so it is a generic set of authorization-related controls rather than product-specific guidance. The direct remediation remains upgrading DIAEnergie to v1.9.03.001 or later.

- Authorization checks, via training and content reviews, ensure that only approved information is released to public systems. (addresses: CWE-285, CWE-552)
- Documenting access to processing and storage locations helps ensure correct authorization for information resources. (addresses: CWE-285, CWE-552)
- Requiring explicit approval for maintenance activities and component removal enforces proper authorization for critical system operations. (addresses: CWE-285, CWE-552)
- Procedures enforce authorization rules for media handling, making unauthorized actions harder to perform without detection. (addresses: CWE-285, CWE-552)
- Limiting media access to authorized parties addresses improper authorization for resource access. (addresses: CWE-285, CWE-552)
- The control requires authorization mechanisms and senior approval to prevent unauthorized viewing or alteration of the plan. (addresses: CWE-285, CWE-552)
- Mandating authorization checks ensures that public access cannot perform disallowed operations or modifications. (addresses: CWE-285, CWE-552)
- Decoys identify and block exploitation of improper authorization by providing monitored targets that mimic protected functions. (addresses: CWE-285, CWE-552)
