Vulnerability Details : CVE-2023-0053
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and
prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet
available for device management. Any sensitive information communicated
through these protocols, such as credentials, is sent in cleartext. An
attacker could obtain sensitive information such as user credentials to
gain access to the system.
Products affected by CVE-2023-0053
- cpe:2.3:o:sauter-controls:nova_220_eyk220f001_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:sauter-controls:nova_230_eyk230f001_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:sauter-controls:nova_106_eyk300f001_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:sauter-controls:modunet300_ey-am300f001_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:sauter-controls:modunet300_ey-am300f002_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:a:sauter-controls:bacnetstac:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-0053
- EPSS score: 0.11% (probability of exploitation activity in the next 30 days)
- Percentile: ~45% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-0053
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | ICS-CERT | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2023-0053
- The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. Assigned by:
  - ics-cert@hq.dhs.gov (Secondary)
  - nvd@nist.gov (Primary)
References for CVE-2023-0053
- https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-05
  SAUTER Controls Nova 200 – 220 Series (PLC 6) | CISA (Third Party Advisory; US Government Resource)