SB2023011602 - Multiple vulnerabilities in SAUTER Controls Nova 200 220 Series (PLC 6)



Published: January 16, 2023

Security Bulletin ID: SB2023011602
Severity: High
Patch available: No
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Information disclosure

Breakdown by Severity

High: 50%, Medium: 50%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Missing Authentication for Critical Function (CVE-ID: CVE-2023-0052)

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to missing authentication for a critical function within the affected software with BACnetstac version 4.2.1 and prior. A remote attacker can access the system and modify the device configuration, leading to arbitrary command execution.


2) Cleartext transmission of sensitive information (CVE-ID: CVE-2023-0053)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists because the software uses an insecure communication channel to transmit sensitive information within the affected software with BACnetstac version 4.2.1 and prior. A remote attacker can gain access to sensitive data.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.