23 matches found
EUVD-2023-12155
Malicious code in bioql PyPI...
CVE-2023-0053
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. An attacker could...
Information disclosure
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. An attacker could...
CVE-2023-0053 SAUTER Controls Nova 200–220 Series Cleartext Transmission of Sensitive Information
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. An attacker could...
CVE-2023-0053 SAUTER Controls Nova 200–220 Series Cleartext Transmission of Sensitive Information
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. An attacker could...
CVE-2023-0053
SAUTER Controls Nova 200–220 Series (firmware 3.3-006 and earlier) and BACnetstac 4.2.1 and earlier expose credentials in cleartext because device management relies on FTP/Telnet. CVE-2023-0053 documents cleartext transmission of sensitive information and potential credential exposure, with an im...
CVE-2023-0052
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol FTP are the only protocols available for device management, an unauthorized user could acce...
Design/Logic Flaw
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol FTP are the only protocols available for device management, an unauthorized user could acce...
CVE-2023-0052 SAUTER Controls Nova 200–220 Series Missing Authentication for Critical Function
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol FTP are the only protocols available for device management, an unauthorized user could acce...
CVE-2023-0052 SAUTER Controls Nova 200–220 Series Missing Authentication for Critical Function
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol FTP are the only protocols available for device management, an unauthorized user could acce...
CVE-2023-0052
SAUTER Controls Nova 200–220 Series (firmware 3.3-006 and earlier) and BACnetstac 4.2.1 and earlier are affected by CVE-2023-0052 due to missing authentication for a critical function, allowing command execution without credentials. Telemetry shows Telnet and FTP are the only device-management pr...
CISA Warns of Flaws Affecting Industrial Control Systems from Major Manufacturers
The U.S. Cybersecurity and Infrastructure Security Agency CISA has released several Industrial Control Systems ICS advisories warning of critical security flaws affecting products from Sewio, InHand Networks, Sauter Controls, and Siemens. The most severe of the flaws relate to Sewio's RTLS Studio...
Sauter AG Controls Nova 安全漏洞
Sauter AG Controls Nova is an intelligent building automation system from Sauter AG, Switzerland. A security vulnerability exists in Sauter AG Controls Nova 200-220 Series firmware version 3.3-006 and earlier and BACnetstac version 4.2.1 and earlier, which stems from the fact that only FTP and...
CISA Releases Twelve Industrial Control Systems Advisories
CISA released twelve Industrial Control Systems ICS advisories on January 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...
SAUTER Controls Nova 200 - 220 Series (PLC 6)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: SAUTER Controls Equipment: Nova 200–220 Series PLC 6 Vulnerabilities: Missing Authentication for Critical Function, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful...
CVE-2022-40190
SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting XSS. The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users’ browsers and steal sensitive...
CVE-2022-40190
SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting XSS. The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users’ browsers and steal sensitive...
Cross site scripting
SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting XSS. The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users’ browsers and steal sensitive...
CVE-2022-40190
SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting XSS. The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users’ browsers and steal sensitive...
CVE-2022-40190
SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting XSS. The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users’ browsers and steal sensitive...