CVE-2023-0053

Published: Mar 2, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. An attacker could obtain sensitive information such as user credentials to gain access to the system.

Affected (6)

Products: Sauter Controls: Nova 220 Eyk220f001 Firmware, Nova 230 Eyk230f001 Firmware, Nova 106 Eyk300f001 Firmware, Modunet300 Ey Am300f001 Firmware, Modunet300 Ey Am300f002 Firmware, Bacnetstac

Sauter Controls

6 products

Nova 220 Eyk220f001 Firmware

Nova 230 Eyk230f001 Firmware

Nova 106 Eyk300f001 Firmware

Modunet300 Ey Am300f001 Firmware

Modunet300 Ey Am300f002 Firmware

Bacnetstac

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sauter Controls Nova 220 Eyk220f001 Firmware	Up to 3.3-006

Running on/with	Platform Versions
Sauter Controls Nova 220 Eyk220f001	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sauter Controls Nova 230 Eyk230f001 Firmware	Up to 3.3-006

Running on/with	Platform Versions
Sauter Controls Nova 230 Eyk230f001	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sauter Controls Nova 106 Eyk300f001 Firmware	Up to 3.3-006

Running on/with	Platform Versions
Sauter Controls Nova 106 Eyk300f001	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sauter Controls Modunet300 Ey Am300f001 Firmware	Up to 3.3-006

Running on/with	Platform Versions
Sauter Controls Modunet300 Ey Am300f001	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sauter Controls Modunet300 Ey Am300f002 Firmware	Up to 3.3-006

Running on/with	Platform Versions
Sauter Controls Modunet300 Ey Am300f002	All versions

Configuration F

1 vulnerable

Vulnerable Software	Affected Versions
Sauter Controls Bacnetstac	Up to 4.2.1

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (2)

https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-05

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-05

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.