Lucene search

[email protected]NVD:CVE-2023-0053

HistoryMar 02, 2023 - 1:15 a.m.

CVE-2023-0053

2023-03-0201:15:11

CWE-319

[email protected]

web.nvd.nist.gov

sauter controls

nova 200–220 series

firmware vulnerability

ftp

telnet

cleartext

credentials

attacker

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.6

Confidence

High

EPSS

0.002

Percentile

57.3%

JSON

SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and
prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet
available for device management. Any sensitive information communicated
through these protocols, such as credentials, is sent in cleartext. An
attacker could obtain sensitive information such as user credentials to
gain access to the system.

Affected configurations

Nvd

Node

sauter-controlsnova_220_eyk220f001Match-

AND

sauter-controlsnova_220_eyk220f001_firmwareRange≤3.3-006

Node

sauter-controlsnova_230_eyk230f001Match-

AND

sauter-controlsnova_230_eyk230f001_firmwareRange≤3.3-006

Node

sauter-controlsnova_106_eyk300f001_firmwareRange≤3.3-006

AND

sauter-controlsnova_106_eyk300f001Match-

Node

sauter-controlsmodunet300_ey-am300f001_firmwareRange≤3.3-006

AND

sauter-controlsmodunet300_ey-am300f001Match-

Node

sauter-controlsmodunet300_ey-am300f002_firmwareRange≤3.3-006

AND

sauter-controlsmodunet300_ey-am300f002Match-

Node

sauter-controlsbacnetstacRange≤4.2.1

VendorProductVersionCPE
sauter-controlsnova_220_eyk220f001-cpe:2.3:h:sauter-controls:nova_220_eyk220f001:-:*:*:*:*:*:*:*
sauter-controlsnova_220_eyk220f001_firmware*cpe:2.3:o:sauter-controls:nova_220_eyk220f001_firmware:*:*:*:*:*:*:*:*
sauter-controlsnova_230_eyk230f001-cpe:2.3:h:sauter-controls:nova_230_eyk230f001:-:*:*:*:*:*:*:*
sauter-controlsnova_230_eyk230f001_firmware*cpe:2.3:o:sauter-controls:nova_230_eyk230f001_firmware:*:*:*:*:*:*:*:*
sauter-controlsnova_106_eyk300f001_firmware*cpe:2.3:o:sauter-controls:nova_106_eyk300f001_firmware:*:*:*:*:*:*:*:*
sauter-controlsnova_106_eyk300f001-cpe:2.3:h:sauter-controls:nova_106_eyk300f001:-:*:*:*:*:*:*:*
sauter-controlsmodunet300_ey-am300f001_firmware*cpe:2.3:o:sauter-controls:modunet300_ey-am300f001_firmware:*:*:*:*:*:*:*:*
sauter-controlsmodunet300_ey-am300f001-cpe:2.3:h:sauter-controls:modunet300_ey-am300f001:-:*:*:*:*:*:*:*
sauter-controlsmodunet300_ey-am300f002_firmware*cpe:2.3:o:sauter-controls:modunet300_ey-am300f002_firmware:*:*:*:*:*:*:*:*
sauter-controlsmodunet300_ey-am300f002-cpe:2.3:h:sauter-controls:modunet300_ey-am300f002:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sauter-controls	nova_220_eyk220f001	-	cpe:2.3:h:sauter-controls:nova_220_eyk220f001:-:::::::*
sauter-controls	nova_220_eyk220f001_firmware	*	cpe:2.3:o:sauter-controls:nova_220_eyk220f001_firmware::::::::
sauter-controls	nova_230_eyk230f001	-	cpe:2.3:h:sauter-controls:nova_230_eyk230f001:-:::::::*
sauter-controls	nova_230_eyk230f001_firmware	*	cpe:2.3:o:sauter-controls:nova_230_eyk230f001_firmware::::::::
sauter-controls	nova_106_eyk300f001_firmware	*	cpe:2.3:o:sauter-controls:nova_106_eyk300f001_firmware::::::::
sauter-controls	nova_106_eyk300f001	-	cpe:2.3:h:sauter-controls:nova_106_eyk300f001:-:::::::*
sauter-controls	modunet300_ey-am300f001_firmware	*	cpe:2.3:o:sauter-controls:modunet300_ey-am300f001_firmware::::::::
sauter-controls	modunet300_ey-am300f001	-	cpe:2.3:h:sauter-controls:modunet300_ey-am300f001:-:::::::*
sauter-controls	modunet300_ey-am300f002_firmware	*	cpe:2.3:o:sauter-controls:modunet300_ey-am300f002_firmware::::::::
sauter-controls	modunet300_ey-am300f002	-	cpe:2.3:h:sauter-controls:modunet300_ey-am300f002:-:::::::*