nvd NVD:CVE-2023-0052
Jan 20, 2023 - 10:15 p.m.

CVE-2023-0052

2023-01-20 22:15:10
CWE-306
web.nvd.nist.gov
sauter controls nova
firmware version
bacnetstac version
unauthorized access
device configuration
malicious commands
telnet
ftp

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.7
Confidence: High

EPSS: 0.001
Percentile: 47.2%

SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could access the system and modify the device configuration, which could result in the unauthorized user executing unrestricted malicious commands.

Affected configurations

Nvd

Node
sauter-controls | nova_220_eyk220f001 | Match: -
AND
sauter-controls | nova_220_eyk220f001_firmware | Range: 3.3-006

Node
sauter-controls | nova_230_eyk230f001 | Match: -
AND
sauter-controls | nova_230_eyk230f001_firmware | Range: 3.3-006

Node
sauter-controls | nova_106_eyk300f001 | Match: -
AND
sauter-controls | nova_106_eyk300f001_firmware | Range: 3.3-006

Node
sauter-controls | modunet300_ey-am300f001 | Match: -
AND
sauter-controls | modunet300_ey-am300f001_firmware | Range: 3.3-006

Node
sauter-controls | modunet300_ey-am300f002 | Match: -
AND
sauter-controls | modunet300_ey-am300f002_firmware | Range: 3.3-006

Vendor | Product | Version | CPE
sauter-controls | nova_220_eyk220f001 | - | cpe:2.3:h:sauter-controls:nova_220_eyk220f001:-:*:*:*:*:*:*:*
sauter-controls | nova_220_eyk220f001_firmware | * | cpe:2.3:o:sauter-controls:nova_220_eyk220f001_firmware:*:*:*:*:*:*:*:*
sauter-controls | nova_230_eyk230f001 | - | cpe:2.3:h:sauter-controls:nova_230_eyk230f001:-:*:*:*:*:*:*:*
sauter-controls | nova_230_eyk230f001_firmware | * | cpe:2.3:o:sauter-controls:nova_230_eyk230f001_firmware:*:*:*:*:*:*:*:*
sauter-controls | nova_106_eyk300f001 | - | cpe:2.3:h:sauter-controls:nova_106_eyk300f001:-:*:*:*:*:*:*:*
sauter-controls | nova_106_eyk300f001_firmware | * | cpe:2.3:o:sauter-controls:nova_106_eyk300f001_firmware:*:*:*:*:*:*:*:*
sauter-controls | modunet300_ey-am300f001 | - | cpe:2.3:h:sauter-controls:modunet300_ey-am300f001:-:*:*:*:*:*:*:*
sauter-controls | modunet300_ey-am300f001_firmware | * | cpe:2.3:o:sauter-controls:modunet300_ey-am300f001_firmware:*:*:*:*:*:*:*:*
sauter-controls | modunet300_ey-am300f002 | - | cpe:2.3:h:sauter-controls:modunet300_ey-am300f002:-:*:*:*:*:*:*:*
sauter-controls | modunet300_ey-am300f002_firmware | * | cpe:2.3:o:sauter-controls:modunet300_ey-am300f002_firmware:*:*:*:*:*:*:*:*
