CVE-2023-0053

EUVD-2023-12156
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and 
prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet 
available for device management. Any sensitive information communicated 
through these protocols, such as credentials, is sent in cleartext. An 
attacker could obtain sensitive information such as user credentials to 
gain access to the system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
icscertCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Affected Products (NVD)
VendorProductVersion
sauter-controlsnova_220_eyk220f001_firmware
𝑥
≤ 3.3-006
sauter-controlsnova_230_eyk230f001_firmware
𝑥
≤ 3.3-006
sauter-controlsnova_106_eyk300f001_firmware
𝑥
≤ 3.3-006
sauter-controlsmodunet300_ey-am300f001_firmware
𝑥
≤ 3.3-006
sauter-controlsmodunet300_ey-am300f002_firmware
𝑥
≤ 3.3-006
sauter-controlsbacnetstac
𝑥
≤ 4.2.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-05
https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-05