CVE-2023-0053

SAUTER Controls Nova 200–220 Series Cleartext Transmission of Sensitive Information

Description

SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. An attacker could obtain sensitive information such as user credentials to gain access to the system.

Remediation

Workaround:

  • SAUTER Controls has stated that this product line is no longer supported, as it was discontinued in 2016. SAUTER Controls recommends users take all necessary measures to protect the integrity of building automation network access, using all appropriate means and policies to minimize risks. SAUTER Controls recommends users evaluate and upgrade legacy systems to current solutions where necessary. Affected users should contact SAUTER Controls (https://www.sauter-controls.com/) for instructions on upgrading legacy systems.

Category

CVSS 3.1 score: 7.5
Severity: High
EPSS: 0.05%
Third-Party Advisory: cisa.gov
Affected: SAUTER Controls Nova 220 (EYK220F001) DDC with BACnet connection
Affected: SAUTER Controls Nova 230 (EYK230F001) DDC with BACnet connection
Affected: SAUTER Controls Nova 106 (EYK300F001) BACnet communication card
Affected: SAUTER Controls moduNet300 (EY-AM300F001, EY-AM300F002)

References

https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-05 (tags: third party advisory, US government resource)

Frequently Asked Questions

What is the severity of CVE-2023-0053?
CVE-2023-0053 has been scored as a high severity vulnerability.

How to fix CVE-2023-0053?
As a workaround for remediating CVE-2023-0053: SAUTER Controls has stated that this product line is no longer supported, as it was discontinued in 2016. SAUTER Controls recommends users take all necessary measures to protect the integrity of building automation network access, using all appropriate means and policies to minimize risks. SAUTER Controls recommends users evaluate and upgrade legacy systems to current solutions where necessary. Affected users should contact SAUTER Controls (https://www.sauter-controls.com/) for instructions on upgrading legacy systems.

Is CVE-2023-0053 being actively exploited in the wild?
As of now, there is no information to confirm that CVE-2023-0053 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

What software or system is affected by CVE-2023-0053?
CVE-2023-0053 affects SAUTER Controls Nova 220 (EYK220F001) DDC with BACnet connection, SAUTER Controls Nova 230 (EYK230F001) DDC with BACnet connection, SAUTER Controls Nova 106 (EYK300F001) BACnet communication card, and SAUTER Controls moduNet300 (EY-AM300F001, EY-AM300F002).
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.