CVE-2023-0053

SAUTER Controls Nova 200220 Series with firmware version 3.3-006 and 
prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet 
available for device management. Any sensitive information communicated 
through these protocols, such as credentials, is sent in cleartext. An 
attacker could obtain sensitive information such as user credentials to 
gain access to the system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
icscertCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
VendorProductVersion
sauter-controlsnova_220_eyk220f001_firmware
𝑥
≤ 3.3-006
sauter-controlsnova_230_eyk230f001_firmware
𝑥
≤ 3.3-006
sauter-controlsnova_106_eyk300f001_firmware
𝑥
≤ 3.3-006
sauter-controlsmodunet300_ey-am300f001_firmware
𝑥
≤ 3.3-006
sauter-controlsmodunet300_ey-am300f002_firmware
𝑥
≤ 3.3-006
sauter-controlsbacnetstac
𝑥
≤ 4.2.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-05
https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-05