CVE-2023-0052 SAUTER Controls Nova 200–220 Series Missing Authentication for Critical Function

🗓️ 20 Jan 2023 21:23:08Reported by icscertType

SAUTER Controls Nova 200–220 Series Missing Authentication for Critical Functio

Reporter	Title	Published	Views	Family All 13
BDU FSTEC	The vulnerability of the microprogrammed logic controllers Sauter Nova 220, 230, and 106 lies in the absence of authentication for a critical function. This allows attackers to bypass security restrictions and execute arbitrary commands.	11 Dec 202300:00	–	bdu_fstec
Circl	CVE-2023-0052	21 Jan 202300:22	–	circl
CNNVD	Sauter AG Controls Nova 访问控制错误漏洞	13 Jan 202300:00	–	cnnvd
CVE	CVE-2023-0052	20 Jan 202321:23	–	cve
EUVD	EUVD-2023-12155	3 Oct 202520:07	–	euvd
ICS	SAUTER Controls Nova 200 - 220 Series (PLC 6)	12 Jan 202300:00	–	ics
NVD	CVE-2023-0052	20 Jan 202322:15	–	nvd
OSV	CVE-2023-0052	20 Jan 202322:15	–	osv
Prion	Design/Logic Flaw	20 Jan 202322:15	–	prion
Positive Technologies	PT-2023-7518 · Sauter · Sauter Controls Nova 106 +2	12 Jan 202300:00	–	ptsecurity

[
  {
    "defaultStatus": "unaffected",
    "product": "Nova 220 (EYK220F001) DDC with BACnet connection",
    "vendor": "SAUTER Controls",
    "versions": [
      {
        "lessThanOrEqual": "3.3-006",
        "status": "affected",
        "version": "Firmware all versions",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "4.2.1",
        "status": "affected",
        "version": "BACnetstac all versions",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Nova 230 (EYK230F001) DDC with BACnet connection",
    "vendor": "SAUTER Controls",
    "versions": [
      {
        "lessThanOrEqual": "3.3-006",
        "status": "affected",
        "version": "Firmware all versions",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "4.2.1",
        "status": "affected",
        "version": "BACnetstac all versions",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Nova 106 (EYK300F001) BACnet communication card",
    "vendor": "SAUTER Controls",
    "versions": [
      {
        "lessThanOrEqual": "3.3-006",
        "status": "affected",
        "version": "Firmware all versions",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "4.2.1",
        "status": "affected",
        "version": "BACnetstac all versions",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "moduNet300 (EY-AM300F001, EY-AM300F002)",
    "vendor": "SAUTER Controls",
    "versions": [
      {
        "lessThanOrEqual": "3.3-006",
        "status": "affected",
        "version": "Firmware all versions",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "4.2.1",
        "status": "affected",
        "version": "BACnetstac all versions",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
cisa	www.cisa.gov/uscert/ics/advisories/icsa-23-012-05

26 Oct 2023 23:15Current

9.7High risk

Vulners AI Score9.7

CVSS 3.19.8

EPSS0.00255

CWE-306