Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-0052
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
SAUTER Controls Nova 200–220 Series Missing Authentication for Critical Function
Source: NVD (National Vulnerability Database)
Vulnerability Description
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could access the system and modify the device configuration, which could result in the unauthorized user executing unrestricted malicious commands.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
关键功能的认证机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
Sauter AG Controls Nova 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Sauter AG Controls Nova是瑞士Sauter AG公司的一个智能楼宇自动化系统。 Sauter AG Controls Nova 200-220 Series固件3.3-006及以前版本和BACnetstac 4.2.1及以前版本存在访问控制错误漏洞,该漏洞源于其允许在没有凭证的情况下执行命令。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
SAUTER ControlsNova 220 (EYK220F001) DDC with BACnet connection Firmware all versions ~ 3.3-006 -
SAUTER ControlsNova 230 (EYK230F001) DDC with BACnet connection Firmware all versions ~ 3.3-006 -
SAUTER ControlsNova 106 (EYK300F001) BACnet communication card Firmware all versions ~ 3.3-006 -
SAUTER ControlsmoduNet300 (EY-AM300F001, EY-AM300F002) Firmware all versions ~ 3.3-006 -
II. Public POCs for CVE-2023-0052
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2023-0052
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: Nova 220 (EYK220F001) DDC with BACnet connection
Same vendor: SAUTER Controls
Same weakness: CWE-306
V. Comments for CVE-2023-0052

No comments yet

Leave a comment