Multiple vulnerabilities in SAUTER Controls Nova 200 220 Series (PLC 6)
| Risk | High |
| Patch available | NO |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2023-0052 CVE-2023-0053 |
| CWE-ID | CWE-306 CWE-319 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Nova 220 (EYK220F001) DDC with BACnet connection Hardware solutions / Other hardware appliances Nova 230 (EYK230F001) DDC with BACnet connection Hardware solutions / Other hardware appliances Nova 106 (EYK300F001) BACnet communication card Hardware solutions / Other hardware appliances moduNet300 (EY-AM300F001) Hardware solutions / Other hardware appliances moduNet300 (EY-AM300F002) Hardware solutions / Other hardware appliances |
| Vendor | Fr. Sauter AG |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Missing Authentication for Critical Function
EUVDB-ID: #VU71171
Risk: High
CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2023-0052
CWE-ID:
CWE-306 - Missing Authentication for Critical Function
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to missing authentication for critical function within the affected software with BACnetstac version 4.2.1 and prior. A remote attacker can access the system and modify the device configuration, leading to arbitrary commands execution.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsNova 220 (EYK220F001) DDC with BACnet connection: 3.3-006
Nova 230 (EYK230F001) DDC with BACnet connection: 3.3-006
Nova 106 (EYK300F001) BACnet communication card: 3.3-006
moduNet300 (EY-AM300F001): 3.3-006
moduNet300 (EY-AM300F002): 3.3-006
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-22-012-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Cleartext transmission of sensitive information
EUVDB-ID: #VU71172
Risk: Medium
CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2023-0053
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to software uses insecure communication channel to transmit sensitive information within the affected software with BACnetstac version 4.2.1 and prior. A remote attacker can gain access to sensitive data.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsNova 220 (EYK220F001) DDC with BACnet connection: 3.3-006
Nova 230 (EYK230F001) DDC with BACnet connection: 3.3-006
Nova 106 (EYK300F001) BACnet communication card: 3.3-006
moduNet300 (EY-AM300F001): 3.3-006
moduNet300 (EY-AM300F002): 3.3-006
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-22-012-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
