Cleartext transmission of sensitive information in Fr. Sauter AG products - CVE-2023-0053

 

Cleartext transmission of sensitive information in Fr. Sauter AG products - CVE-2023-0053

Published: January 16, 2023


Vulnerability identifier: #VU71172
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-0053
CWE-ID: CWE-319
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Fr. Sauter AG
Affected software:
Nova 220 (EYK220F001) DDC with BACnet connection
Nova 230 (EYK230F001) DDC with BACnet connection
Nova 106 (EYK300F001) BACnet communication card
moduNet300 (EY-AM300F001)
moduNet300 (EY-AM300F002)

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software uses insecure communication channel to transmit sensitive information within the affected software with BACnetstac version 4.2.1 and prior. A remote attacker can gain access to sensitive data.


How to mitigate CVE-2023-0053

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources