9.8
CVE-2023-0052
- EPSS 0.26%
- Veröffentlicht 20.01.2023 22:15:10
- Zuletzt bearbeitet 21.11.2024 07:36:27
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginSAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could access the system and modify the device configuration, which could result in the unauthorized user executing unrestricted malicious commands.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sauter-controls ≫ Nova 220 Eyk220f001 Firmware Version <= 3.3-006
Sauter-controls ≫ Nova 230 Eyk230f001 Firmware Version <= 3.3-006
Sauter-controls ≫ Nova 106 Eyk300f001 Firmware Version <= 3.3-006
Sauter-controls ≫ Modunet300 Ey-am300f001 Firmware Version <= 3.3-006
Sauter-controls ≫ Modunet300 Ey-am300f002 Firmware Version <= 3.3-006
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.486 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| ics-cert@hq.dhs.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.