7.5
CVE-2023-0053
- EPSS 0.09%
- Published 02.03.2023 01:15:11
- Last modified 21.11.2024 07:36:28
- Source ics-cert@hq.dhs.gov
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. An attacker could obtain sensitive information such as user credentials to gain access to the system.
Data is provided by the National Vulnerability Database (NVD)
Sauter-controls ≫ Nova 220 Eyk220f001 Firmware Version <= 3.3-006
Sauter-controls ≫ Nova 230 Eyk230f001 Firmware Version <= 3.3-006
Sauter-controls ≫ Nova 106 Eyk300f001 Firmware Version <= 3.3-006
Sauter-controls ≫ Modunet300 Ey-am300f001 Firmware Version <= 3.3-006
Sauter-controls ≫ Modunet300 Ey-am300f002 Firmware Version <= 3.3-006
Sauter-controls ≫ Bacnetstac Version <= 4.2.1
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.248 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| ics-cert@hq.dhs.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
CWE-319 Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.