Nova 220 Eyk220F001 Firmware
CVE-2023-0053
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
SAUTER Controls Nova 200-220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. An attacker could obtain sensitive information such as user credentials to gain access to the system.
AnalysisAI
SAUTER Controls Nova 200-220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-319. SAUTER Controls Nova 200-220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. An attacker could obtain sensitive information such as user credentials to gain access to the system. Affected products include: Sauter-Controls Nova 220 Eyk220F001 Firmware, Sauter-Controls Nova 230 Eyk230F001 Firmware, Sauter-Controls Nova 106 Eyk300F001 Firmware, Sauter-Controls Modunet300 Ey-Am300F001 Firmware, Sauter-Controls Modunet300 Ey-Am300F002 Firmware. Version information: version 3.3.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Nova 220 Eyk220F001 Firmware
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today