CVE-2023-0052
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could access the system and modify the device configuration, which could result in the unauthorized user executing unrestricted malicious commands.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAUTER Controls | Nova 220 (EYK220F001) DDC with BACnet connection | Firmware all versions <= 3.3-006 | affected |
| SAUTER Controls | Nova 220 (EYK220F001) DDC with BACnet connection | BACnetstac all versions <= 4.2.1 | affected |
| SAUTER Controls | Nova 230 (EYK230F001) DDC with BACnet connection | Firmware all versions <= 3.3-006 | affected |
| SAUTER Controls | Nova 230 (EYK230F001) DDC with BACnet connection | BACnetstac all versions <= 4.2.1 | affected |
| SAUTER Controls | Nova 106 (EYK300F001) BACnet communication card | Firmware all versions <= 3.3-006 | affected |
| SAUTER Controls | Nova 106 (EYK300F001) BACnet communication card | BACnetstac all versions <= 4.2.1 | affected |
| SAUTER Controls | moduNet300 (EY-AM300F001, EY-AM300F002) | Firmware all versions <= 3.3-006 | affected |
| SAUTER Controls | moduNet300 (EY-AM300F001, EY-AM300F002) | BACnetstac all versions <= 4.2.1 | affected |
Weaknesses
- CWE-306: CWE-306 Missing Authentication for Critical Function
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.