CVE-2023-0052
Published: Jan 20, 2023
Modified: Jan 16, 2025
CVSS v3.1
9.8
Description
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could access the system and modify the device configuration, which could result in the unauthorized user executing unrestricted malicious commands.
| Vendor | Product | Versions |
|---|---|---|
| SAUTER Controls | Nova 220 (EYK220F001) DDC with BACnet connection | Affected: Firmware, all versions <= 3.3-006; BACnetstac, all versions <= 4.2.1 |
| SAUTER Controls | Nova 230 (EYK230F001) DDC with BACnet connection | Affected: Firmware, all versions <= 3.3-006; BACnetstac, all versions <= 4.2.1 |
| SAUTER Controls | Nova 106 (EYK300F001) BACnet communication card | Affected: Firmware, all versions <= 3.3-006; BACnetstac, all versions <= 4.2.1 |
| SAUTER Controls | moduNet300 (EY-AM300F001, EY-AM300F002) | Affected: Firmware, all versions <= 3.3-006; BACnetstac, all versions <= 4.2.1 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
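Attack Vector: Network (AV:N)
Attack Complexity: Low (AC:L)
Privileges Required: None (PR:N)
User Interaction: None (UI:N)
Scope: Unchanged (S:U)
Confidentiality: High (C:H)
Integrity: High (I:H)
Availability: High (A:H)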