Unrated severityNVD Advisory· Published Jan 20, 2023· Updated Jan 16, 2025

SAUTER Controls Nova 200–220 Series Missing Authentication for Critical Function

CVE-2023-0052

Description

SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could access the system and modify the device configuration, which could result in the unauthorized user executing unrestricted malicious commands.

Affected products

Sauter Controls/Modunet300 (ey Am300f001, Ey Am300f002)v5
Range: Firmware all versions
Sauter Controls/Nova 230 (eyk230f001) Ddc With Bacnet Connectionv5
Range: Firmware all versions

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.cisa.gov/uscert/ics/advisories/icsa-23-012-05mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000