CVE-2023-0053
SAUTER Controls Nova 200–220 Series Cleartext Transmission of Sensitive Information
- Severity Score: 7.5 (CVSS v3.1)
- Public Exploits: 0 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. An attacker could obtain sensitive information such as user credentials to gain access to the system.
*Credits:
Jairo Alonso Ortiz, Aarón Flecha Menéndez and Iñaki Lázaro Ayanz of S21Sec
Timeline
- 2023-01-04 CVE Reserved
- 2023-03-02 CVE Published
- 2024-08-02 CVE Updated
- 2024-12-17 EPSS Updated
CWE
- CWE-319: Cleartext Transmission of Sensitive Information
References (1)
URL | Tag | Source |
---|---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-05 | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Sauter-controls | Nova 220 Eyk220f001 Firmware | <= 3.3-006 | - | Affected | in | Sauter-controls | Nova 220 Eyk220f001 | - | - | Safe |
Sauter-controls | Nova 230 Eyk230f001 Firmware | <= 3.3-006 | - | Affected | in | Sauter-controls | Nova 230 Eyk230f001 | - | - | Safe |
Sauter-controls | Nova 106 Eyk300f001 Firmware | <= 3.3-006 | - | Affected | in | Sauter-controls | Nova 106 Eyk300f001 | - | - | Safe |
Sauter-controls | Modunet300 Ey-am300f001 Firmware | <= 3.3-006 | - | Affected | in | Sauter-controls | Modunet300 Ey-am300f001 | - | - | Safe |
Sauter-controls | Modunet300 Ey-am300f002 Firmware | <= 3.3-006 | - | Affected | in | Sauter-controls | Modunet300 Ey-am300f002 | - | - | Safe |
Sauter-controls | Bacnetstac | <= 4.2.1 | - | Affected | | | | | | |