PT-2023-15973 · Sauter · Sauter Controls Nova 200–220 Series

Aarón Flecha Menéndez +2 · Published 2023-01-16 · Updated 2023-10-27 · CVE-2023-0053

CVSS v3.1

7.5 High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SAUTER Controls Nova 200–220 Series versions 3.3-006 and prior
BACnetstac versions 4.2.1 and prior

Description

The issue affects device management, where sensitive information such as credentials is sent in cleartext through FTP and Telnet protocols. An attacker could obtain this sensitive information to gain access to the system.

Recommendations

For SAUTER Controls Nova 200–220 Series versions 3.3-006 and prior, consider disabling the use of FTP and Telnet protocols for device management until a secure alternative is available. For BACnetstac versions 4.2.1 and prior, restrict access to the system using FTP and Telnet to minimize the risk of exploitation. As a temporary workaround, avoid using cleartext protocols for communicating sensitive information, such as credentials, until a patch or secure alternative is available.

Fix

Cleartext Transmission of Sensitive Information

Weakness Enumeration

Related Identifiers

CVE-2023-0053

Affected Products

Sauter Controls Nova 200–220 Series