CVE-2023-0053

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-0053
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. An attacker could obtain sensitive information such as user credentials to gain access to the system.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-05 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:sauter-controls:nova_220_eyk220f001_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sauter-controls:nova_220_eyk220f001:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:sauter-controls:nova_230_eyk230f001_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sauter-controls:nova_230_eyk230f001:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:sauter-controls:nova_106_eyk300f001_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sauter-controls:nova_106_eyk300f001:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:sauter-controls:modunet300_ey-am300f001_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sauter-controls:modunet300_ey-am300f001:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:sauter-controls:modunet300_ey-am300f002_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sauter-controls:modunet300_ey-am300f002:-:*:*:*:*:*:*:*

Configuration 6 (hide)

cpe:2.3:a:sauter-controls:bacnetstac:*:*:*:*:*:*:*:*
History

27 Oct 2023, 20:32

Type Values Removed Values Added
CWE CWE-319

27 Oct 2023, 00:15

Type Values Removed Values Added
Summary SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. An attacker could obtain sensitive information such as user credentials to gain access to the system. SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. An attacker could obtain sensitive information such as user credentials to gain access to the system.
CWE CWE-319
Information

Published : 2023-03-02 01:15

Updated : 2024-02-28 19:51

NVD link : CVE-2023-0053

Mitre link : CVE-2023-0053

CVE.ORG link : CVE-2023-0053

JSON object : View

Products Affected

sauter-controls

  • nova_106_eyk300f001_firmware
  • modunet300_ey-am300f001_firmware
  • modunet300_ey-am300f001
  • nova_220_eyk220f001_firmware
  • modunet300_ey-am300f002
  • bacnetstac
  • nova_106_eyk300f001
  • nova_230_eyk230f001
  • modunet300_ey-am300f002_firmware
  • nova_220_eyk220f001
  • nova_230_eyk230f001_firmware
CWE
CWE-319

Cleartext Transmission of Sensitive Information