SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could access the system and modify the device configuration, which could result in the unauthorized user executing unrestricted malicious commands.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-05 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
History
30 Oct 2023, 17:01
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-306 |
27 Oct 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
Summary | SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could access the system and modify the device configuration, which could result in the unauthorized user executing unrestricted malicious commands. | |
CWE |
02 Feb 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
First Time |
Sauter-controls nova 220 Eyk220f001 Firmware
Sauter-controls modunet300 Ey-am300f002 Firmware Sauter-controls nova 230 Eyk230f001 Firmware Sauter-controls nova 106 Eyk300f001 Firmware Sauter-controls modunet300 Ey-am300f001 Firmware Sauter-controls nova 230 Eyk230f001 Sauter-controls nova 220 Eyk220f001 Sauter-controls nova 106 Eyk300f001 Sauter-controls Sauter-controls modunet300 Ey-am300f001 Sauter-controls modunet300 Ey-am300f002 |
|
References | (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-05 - Third Party Advisory, US Government Resource | |
CPE | cpe:2.3:o:sauter-controls:nova_220_eyk220f001_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:sauter-controls:nova_106_eyk300f001:-:*:*:*:*:*:*:* cpe:2.3:o:sauter-controls:modunet300_ey-am300f002_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:sauter-controls:modunet300_ey-am300f002:-:*:*:*:*:*:*:* cpe:2.3:h:sauter-controls:nova_220_eyk220f001:-:*:*:*:*:*:*:* cpe:2.3:h:sauter-controls:modunet300_ey-am300f001:-:*:*:*:*:*:*:* cpe:2.3:h:sauter-controls:nova_230_eyk230f001:-:*:*:*:*:*:*:* cpe:2.3:o:sauter-controls:nova_106_eyk300f001_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:sauter-controls:nova_230_eyk230f001_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:sauter-controls:modunet300_ey-am300f001_firmware:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
20 Jan 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-20 22:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-0052
Mitre link : CVE-2023-0052
CVE.ORG link : CVE-2023-0052
JSON object : View
Products Affected
sauter-controls
- modunet300_ey-am300f001
- nova_230_eyk230f001
- nova_106_eyk300f001_firmware
- nova_106_eyk300f001
- nova_220_eyk220f001_firmware
- modunet300_ey-am300f002
- modunet300_ey-am300f001_firmware
- nova_230_eyk230f001_firmware
- modunet300_ey-am300f002_firmware
- nova_220_eyk220f001
CWE
CWE-306
Missing Authentication for Critical Function