← Volver a CVEs
CVE-2023-0052
CRITICAL9.8
Descripcion
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could access the system and modify the device configuration, which could result in the unauthorized user executing unrestricted malicious commands.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado1/20/2023
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
sauter-controls:modunet300_ey-am300f001sauter-controls:modunet300_ey-am300f001_firmwaresauter-controls:modunet300_ey-am300f002sauter-controls:modunet300_ey-am300f002_firmwaresauter-controls:nova_106_eyk300f001sauter-controls:nova_106_eyk300f001_firmwaresauter-controls:nova_220_eyk220f001sauter-controls:nova_220_eyk220f001_firmwaresauter-controls:nova_230_eyk230f001sauter-controls:nova_230_eyk230f001_firmware
Debilidades (CWE)
CWE-306CWE-306
Referencias
https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-05(ics-cert@hq.dhs.gov)
https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-05(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.