PT-2023-7518 · Sauter · Sauter Controls Nova 200–220 Series

Aarón Flecha Menéndez · Published 2023-01-12 · Updated 2023-10-30 · CVE-2023-0052

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

SAUTER Controls Nova 200–220 Series versions 3.3-006 and prior
SAUTER Controls Nova 230 versions (affected versions not specified)
SAUTER Controls Nova 106 versions (affected versions not specified)
BACnetstac version 4.2.1 and prior

Description

The issue is related to the lack of authentication for a critical function in the programmable logic controllers' software. This allows a remote attacker to bypass security restrictions and execute arbitrary commands. The vulnerability can be exploited through Telnet and File Transfer Protocol (FTP), which are the only protocols available for device management, enabling an unauthorized user to access the system, modify the device configuration, and execute malicious commands.

Recommendations

For SAUTER Controls Nova 200–220 Series versions 3.3-006 and prior, consider disabling Telnet and FTP protocols until a patch is available.
For SAUTER Controls Nova 230 and 106, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For BACnetstac version 4.2.1 and prior, restrict access to the system to minimize the risk of exploitation until a fix is available.

Weakness Enumeration

Missing Authentication

Related Identifiers

BDU:2023-08565
CVE-2023-0052

Affected Products

Sauter Controls Nova 106
Sauter Controls Nova 200–220 Series
Sauter Controls Nova 230