VYPR
Vendor

Sauter Controls

Products
9
CVEs
8
Across products
15
Status
Private

Products

9

Recent CVEs

8
  • CVE-2015-7915CriFeb 6, 2016
    risk 0.64cvss 9.8epss 0.02

    Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.

  • CVE-2015-7914HigFeb 6, 2016
    risk 0.53cvss 8.1epss 0.02

    Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote attackers to bypass authentication by leveraging knowledge of a password hash without knowledge of the associated password.

  • CVE-2025-41722HigOct 22, 2025
    risk 0.49cvss 7.5epss 0.00

    The wsc server uses a hard-coded certificate to check the authenticity of SOAP messages. An unauthenticated remote attacker can extract private keys from the Software of the affected devices.

  • CVE-2016-10224HigFeb 13, 2017
    risk 0.47cvss 7.2epss 0.01

    An issue was discovered in Sauter NovaWeb web HMI. The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user.

  • CVE-2015-7916MedFeb 6, 2016
    risk 0.42cvss 6.5epss 0.01

    Cross-site scripting (XSS) vulnerability in Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.

  • CVE-2023-0053Mar 2, 2023
    risk 0.00cvss epss 0.00

    SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in…

  • CVE-2023-0052Jan 20, 2023
    risk 0.00cvss epss 0.01

    SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an…

  • CVE-2022-40190Oct 31, 2022
    risk 0.00cvss epss 0.01

    SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting (XSS). The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users’ browsers and…