CVE-2023-0053
Last modified
CVE-2023-0053 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. EPSS estimates a 0.39% chance of exploitation in the next 30 days.
Description
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. An attacker could obtain sensitive information such as user credentials to gain access to the system.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sauter-Controls | Nova 220 Eyk220f001 Firmware | <= 3.3-006 |
| Sauter-Controls | Nova 230 Eyk230f001 Firmware | <= 3.3-006 |
| Sauter-Controls | Nova 106 Eyk300f001 Firmware | <= 3.3-006 |
| Sauter-Controls | Modunet300 Ey-Am300f001 Firmware | <= 3.3-006 |
| Sauter-Controls | Modunet300 Ey-Am300f002 Firmware | <= 3.3-006 |
| Sauter-Controls | Bacnetstac | <= 4.2.1 |
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-05Third Party Advisory, US Government Resource
- https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-05Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-0053?
How severe is CVE-2023-0053?
How do I fix CVE-2023-0053?
Are you affected by CVE-2023-0053?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST