CVE-2023-0053

{"id": "CVE-2023-0053", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-03-02T01:15:11.590", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-05", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-319"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "SAUTER Controls Nova 200\u2013220 Series with firmware version 3.3-006 and \nprior and BACnetstac version 4.2.1 and prior have only FTP and Telnet \navailable for device management. Any sensitive information communicated \nthrough these protocols, such as credentials, is sent in cleartext. An \nattacker could obtain sensitive information such as user credentials to \ngain access to the system. \n\n\n\n"}], "lastModified": "2023-10-27T20:32:10.447", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sauter-controls:nova_220_eyk220f001_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E514737-2011-43D1-8283-58D57BA13BE5", "versionEndIncluding": "3.3-006"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sauter-controls:nova_220_eyk220f001:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "72F35195-7225-426C-998F-9E68AE7823F8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sauter-controls:nova_230_eyk230f001_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CBBF6A0-9764-47E0-81DC-04AEEED9AC18", "versionEndIncluding": "3.3-006"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sauter-controls:nova_230_eyk230f001:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "11465A2B-145D-47A5-9275-C4853304488C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sauter-controls:nova_106_eyk300f001_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D125C85-B22C-4A2F-A304-988C606259BC", "versionEndIncluding": "3.3-006"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sauter-controls:nova_106_eyk300f001:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "668A40CB-2C90-426B-B0B3-709C6601104D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sauter-controls:modunet300_ey-am300f001_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8668DBA6-866D-43DE-97F6-C7D91E1FD308", "versionEndIncluding": "3.3-006"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sauter-controls:modunet300_ey-am300f001:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7214F356-6035-4A3B-8519-F6D89FF00370"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sauter-controls:modunet300_ey-am300f002_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A38DFF4-32E2-4B7C-A93D-8ADE3A862FDD", "versionEndIncluding": "3.3-006"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sauter-controls:modunet300_ey-am300f002:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0D8B577B-9BEB-4DE3-A2A4-648EAF1C15CB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sauter-controls:bacnetstac:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10FFD021-861D-40B7-B545-8F2F6BA70B67", "versionEndIncluding": "4.2.1"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}