SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and
prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet
available for device management. Any sensitive information communicated
through these protocols, such as credentials, is sent in cleartext. An
attacker could obtain sensitive information such as user credentials to
gain access to the system.
References
| Link | Resource |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-05 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
|
History
27 Oct 2023, 20:32
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-319 |
27 Oct 2023, 00:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. An attacker could obtain sensitive information such as user credentials to gain access to the system. | |
| CWE |
10 Mar 2023, 04:58
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Sauter-controls nova 220 Eyk220f001 Firmware
Sauter-controls modunet300 Ey-am300f002 Firmware Sauter-controls nova 230 Eyk230f001 Firmware Sauter-controls nova 106 Eyk300f001 Firmware Sauter-controls modunet300 Ey-am300f001 Firmware Sauter-controls nova 230 Eyk230f001 Sauter-controls nova 220 Eyk220f001 Sauter-controls nova 106 Eyk300f001 Sauter-controls Sauter-controls modunet300 Ey-am300f001 Sauter-controls bacnetstac Sauter-controls modunet300 Ey-am300f002 |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
| CPE | cpe:2.3:o:sauter-controls:nova_220_eyk220f001_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:sauter-controls:nova_106_eyk300f001:-:*:*:*:*:*:*:* cpe:2.3:o:sauter-controls:modunet300_ey-am300f002_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:sauter-controls:modunet300_ey-am300f002:-:*:*:*:*:*:*:* cpe:2.3:h:sauter-controls:nova_220_eyk220f001:-:*:*:*:*:*:*:* cpe:2.3:h:sauter-controls:modunet300_ey-am300f001:-:*:*:*:*:*:*:* cpe:2.3:h:sauter-controls:nova_230_eyk230f001:-:*:*:*:*:*:*:* cpe:2.3:a:sauter-controls:bacnetstac:*:*:*:*:*:*:*:* cpe:2.3:o:sauter-controls:nova_106_eyk300f001_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:sauter-controls:nova_230_eyk230f001_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:sauter-controls:modunet300_ey-am300f001_firmware:*:*:*:*:*:*:*:* |
|
| References | (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-05 - Third Party Advisory, US Government Resource |
02 Mar 2023, 01:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-03-02 01:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-0053
Mitre link : CVE-2023-0053
CVE.ORG link : CVE-2023-0053
JSON object : View
Products Affected
sauter-controls
- modunet300_ey-am300f002_firmware
- nova_220_eyk220f001_firmware
- nova_106_eyk300f001
- nova_230_eyk230f001
- nova_220_eyk220f001
- bacnetstac
- modunet300_ey-am300f001_firmware
- nova_230_eyk230f001_firmware
- nova_106_eyk300f001_firmware
- modunet300_ey-am300f001
- modunet300_ey-am300f002
CWE
CWE-319
Cleartext Transmission of Sensitive Information