{ "id": "CVE-2023-0053", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-03-02T01:15:11.590", "lastModified": "2023-10-27T20:32:10.447", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "SAUTER Controls Nova 200\u2013220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. An attacker could obtain sensitive information such as user credentials to gain access to the system." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-319" } ] }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-319" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria":
"cpe:2.3:h:sauter-controls:nova_220_eyk220f001:-:*:*:*:*:*:*:*", "matchCriteriaId": "72F35195-7225-426C-998F-9E68AE7823F8" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:sauter-controls:nova_220_eyk220f001_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "3.3-006", "matchCriteriaId": "5E514737-2011-43D1-8283-58D57BA13BE5" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:sauter-controls:nova_230_eyk230f001:-:*:*:*:*:*:*:*", "matchCriteriaId": "11465A2B-145D-47A5-9275-C4853304488C" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:sauter-controls:nova_230_eyk230f001_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "3.3-006", "matchCriteriaId": "0CBBF6A0-9764-47E0-81DC-04AEEED9AC18" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:sauter-controls:nova_106_eyk300f001_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "3.3-006", "matchCriteriaId": "4D125C85-B22C-4A2F-A304-988C606259BC" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:sauter-controls:nova_106_eyk300f001:-:*:*:*:*:*:*:*", "matchCriteriaId": "668A40CB-2C90-426B-B0B3-709C6601104D" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:sauter-controls:modunet300_ey-am300f001_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "3.3-006", "matchCriteriaId": "8668DBA6-866D-43DE-97F6-C7D91E1FD308" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:sauter-controls:modunet300_ey-am300f001:-:*:*:*:*:*:*:*", "matchCriteriaId": "7214F356-6035-4A3B-8519-F6D89FF00370" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, 
"cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:sauter-controls:modunet300_ey-am300f002_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "3.3-006", "matchCriteriaId": "2A38DFF4-32E2-4B7C-A93D-8ADE3A862FDD" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:sauter-controls:modunet300_ey-am300f002:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D8B577B-9BEB-4DE3-A2A4-648EAF1C15CB" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:sauter-controls:bacnetstac:*:*:*:*:*:*:*:*", "versionEndIncluding": "4.2.1", "matchCriteriaId": "10FFD021-861D-40B7-B545-8F2F6BA70B67" } ] } ] } ], "references": [ { "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-05", "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ] } ] }