CVE-2023-0053
Published: Mar 2, 2023
Modified: Jan 16, 2025
CVSS v3.1
7.5
Description
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. An attacker could obtain sensitive information such as user credentials to gain access to the system.
| Vendor | Product | Versions |
|---|---|---|
SAUTER Controls | Nova 220 (EYK220F001) DDC with BACnet connection | affected Firmware all versions - <= 3.3-006affected BACnetstac all versions - <= 4.2.1 |
SAUTER Controls | Nova 230 (EYK230F001) DDC with BACnet connection | affected Firmware all versions - <= 3.3-006affected BACnetstac all versions - <= 4.2.1 |
SAUTER Controls | Nova 106 (EYK300F001) BACnet communication card | affected Firmware all versions - <= 3.3-006affected BACnetstac all versions - <= 4.2.1 |
SAUTER Controls | moduNet300 (EY-AM300F001, EY-AM300F002) | affected Firmware all versions - <= 3.3-006affected BACnetstac all versions - <= 4.2.1 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now