CVE-2023-0053 HIGH

CVE-2023-0053: SAUTER Controls Nova 200–220 Series Cleartext Transmission of Sensitive Information

Vendor Sauter Controls
Product Nova 220 (EYK220F001) DDC with BACnet connection
Weakness CWE-319 · Cleartext transmission
Published March 2, 2023
Last update January 16, 2025
View on NVD All CVEs

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. An attacker could obtain sensitive information such as user credentials to gain access to the system.

Key dates

02Disclosure timeline

March 2, 2023 CVE published
January 16, 2025 Record updated