ICSA-23-012-05 · Published 2023-01-12 · View on CISA ICS-CERT ↗

SAUTER Controls Nova 200 - 220 Series (PLC 6)

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow unauthorized visibility to sensitive information and remote code execution.

CVE-2023-0052 CVE-2023-0053

SAUTER Controls has stated that this product line is no longer supported, as it was discontinued in 2016. SAUTER Controls recommends users take all necessary measures to protect the integrity of building automation network access, using all appropriate means and policies to minimize risks. Sauter Controls recommends users evaluate and upgrade legacy systems to current solutions where necessary.
Affected users should contact SAUTER Controls for instructions on upgrading legacy systems.

SAUTER Controls

SAUTER Controls · Nova 220 (EYK220F001) DDC with BACnet connection <= 3.3-006 (with <= bacnetstac 4.2.1)

SAUTER Controls · Nova 230 (EYK230F001) DDC with BACnet connection <= 3.3-006 (with <= bacnetstac 4.2.1)

SAUTER Controls · Nova 106 (EYK300F001) BACnet communication card <= 3.3-006 (with <= bacnetstac 4.2.1)

SAUTER Controls · moduNet300 (EY-AM300F001, EY-AM300F002) <= 3.3-006 (with <= bacnetstac 4.2.1)

Critical Manufacturing, Energy

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.