CVE-2023-0053 [High] | Information Disclosure in Nova 220 Eyk220f001 Firmware

SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. An attacker could obtain sensitive information such as user credentials to gain access to the system.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	0.11%	0.39%	+0.28%
2	2024-12-17	0.19%	0.11%	-0.08%
3	2024-08-12	—	0.19%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

0.11%

0.39%

+0.28%

2024-12-17

0.19%

0.11%

-0.08%

2024-08-12

—

0.19%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
7.5	3.1	HIGH	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N` Click to expand Attack vector (AV:N) Could be attacked over the internet or any normal routed network—not just someone sitting at the machine. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:N) No account or special rights needed—anonymous or random user is enough. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:H) Serious risk that confidential data gets exposed in a big way. Integrity (I:N) Data isn’t meaningfully altered or forged. Availability (A:N) Service keeps running; no real outage angle.	3.9	3.6	[email protected]
7.5	3.1	HIGH	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N` Click to expand Attack vector (AV:N) Could be attacked over the internet or any normal routed network—not just someone sitting at the machine. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:N) No account or special rights needed—anonymous or random user is enough. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:H) Serious risk that confidential data gets exposed in a big way. Integrity (I:N) Data isn’t meaningfully altered or forged. Availability (A:N) Service keeps running; no real outage angle.	3.9	3.6	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

7.5

3.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Click to expand

Attack vector (AV:N): Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L): Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N): No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H): Serious risk that confidential data gets exposed in a big way.
Integrity (I:N): Data isn’t meaningfully altered or forged.
Availability (A:N): Service keeps running; no real outage angle.

3.9

3.6

[email protected]

7.5

3.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Click to expand

Attack vector (AV:N): Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L): Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N): No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H): Serious risk that confidential data gets exposed in a big way.
Integrity (I:N): Data isn’t meaningfully altered or forged.
Availability (A:N): Service keeps running; no real outage angle.

3.9

3.6

[email protected]

Affected software / configurations for CVE-2023-0053

Vendor	Product	Version	Raw CPE
sauter-controls	nova_220_eyk220f001_firmware	<= 3.3-006	cpe:2.3:o:sauter-controls:nova_220_eyk220f001_firmware::::::::
sauter-controls	nova_230_eyk230f001_firmware	<= 3.3-006	cpe:2.3:o:sauter-controls:nova_230_eyk230f001_firmware::::::::
sauter-controls	nova_106_eyk300f001_firmware	<= 3.3-006	cpe:2.3:o:sauter-controls:nova_106_eyk300f001_firmware::::::::
sauter-controls	modunet300_ey-am300f001_firmware	<= 3.3-006	cpe:2.3:o:sauter-controls:modunet300_ey-am300f001_firmware::::::::
sauter-controls	modunet300_ey-am300f002_firmware	<= 3.3-006	cpe:2.3:o:sauter-controls:modunet300_ey-am300f002_firmware::::::::
sauter-controls	bacnetstac	<= 4.2.1	cpe:2.3:a:sauter-controls:bacnetstac::::::::

References for CVE-2023-0053

URL	Tags
https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-05	Third Party Advisory US Government Resource

URL

CVE-2023-0053 | SAUTER Controls Nova 200–220 Series Cleartext Transmission of Sensitive Information

Exploit prediction scoring system (EPSS) score for CVE-2023-0053

Common vulnerability scoring system (CVSS) metrics for CVE-2023-0053

Weakness enumeration for CVE-2023-0053

Affected software / configurations for CVE-2023-0053

References for CVE-2023-0053