CVE-2023-0052 — CRITICAL (9.8)

Q: How severe is CVE-2023-0052?

CVE-2023-0052 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2023-0052?

Check the references section above for vendor advisories and patch information. Affected products include: Sauter-Controls Nova 220 Eyk220F001 Firmware, Sauter-Controls Nova 220 Eyk220F001, Sauter-Controls Nova 230 Eyk230F001 Firmware, Sauter-Controls Nova 230 Eyk230F001, Sauter-Controls Nova 106 Eyk300F001 Firmware.

Vulnerability Description

SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could access the system and modify the device configuration, which could result in the unauthorized user executing unrestricted malicious commands.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Sauter-Controls	Nova 220 Eyk220F001 Firmware	<= 3.3-006
Sauter-Controls	Nova 220 Eyk220F001	-
Sauter-Controls	Nova 230 Eyk230F001 Firmware	<= 3.3-006
Sauter-Controls	Nova 230 Eyk230F001	-
Sauter-Controls	Nova 106 Eyk300F001 Firmware	<= 3.3-006
Sauter-Controls	Nova 106 Eyk300F001	-
Sauter-Controls	Modunet300 Ey-Am300F001 Firmware	<= 3.3-006
Sauter-Controls	Modunet300 Ey-Am300F001	-
Sauter-Controls	Modunet300 Ey-Am300F002 Firmware	<= 3.3-006
Sauter-Controls	Modunet300 Ey-Am300F002	-

Related Weaknesses (CWE)

CWE-306

References

https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-05Third Party AdvisoryUS Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-05Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2023-0052?

CVE-2023-0052 is a vulnerability with a CVSS score of 9.8 (CRITICAL). SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer pro...

How severe is CVE-2023-0052?

CVE-2023-0052 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-0052?

Check the references section above for vendor advisories and patch information. Affected products include: Sauter-Controls Nova 220 Eyk220F001 Firmware, Sauter-Controls Nova 220 Eyk220F001, Sauter-Controls Nova 230 Eyk230F001 Firmware, Sauter-Controls Nova 230 Eyk230F001, Sauter-Controls Nova 106 Eyk300F001 Firmware.