Vulnerabilities > Sauter Controls
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-27 | CVE-2023-22300 | Cross-site Scripting vulnerability in Sauter-Controls Ey-As525F001 Firmware An unauthenticated remote attacker could force all authenticated users, such as administrative users, to perform unauthorized actions by viewing the logs. | 6.1 |
| 2023-03-27 | CVE-2023-27927 | Cleartext Transmission of Sensitive Information vulnerability in Sauter-Controls Ey-As525F001 Firmware An authenticated malicious user could acquire the simple mail transfer protocol (SMTP) Password in cleartext format, despite it being protected and hidden behind asterisks. | 6.5 |
| 2023-03-27 | CVE-2023-28650 | Cross-site Scripting vulnerability in Sauter-Controls Ey-As525F001 Firmware An unauthenticated remote attacker could provide a malicious link and trick an unsuspecting user into clicking on it. | 6.1 |
| 2023-03-27 | CVE-2023-28652 | Unrestricted Upload of File with Dangerous Type vulnerability in Sauter-Controls Ey-As525F001 Firmware An authenticated malicious user could successfully upload a malicious image could lead to a denial-of-service condition. | 6.5 |
| 2023-03-27 | CVE-2023-28655 | Cross-site Scripting vulnerability in Sauter-Controls Ey-As525F001 Firmware A malicious user could leverage this vulnerability to escalate privileges or perform unauthorized actions in the context of the targeted privileged users. | 5.4 |
| 2023-03-02 | CVE-2023-0053 | Cleartext Transmission of Sensitive Information vulnerability in Sauter-Controls products SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. | 7.5 |
| 2023-01-20 | CVE-2023-0052 | Missing Authentication for Critical Function vulnerability in Sauter-Controls products SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. | 8.8 |
| 2022-10-31 | CVE-2022-40190 | Cross-site Scripting vulnerability in Sauter-Controls Moduweb Firmware 2.7.1 SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting (XSS). | 9.6 |
| 2018-11-02 | CVE-2018-17912 | XXE vulnerability in Sauter-Controls Case Suite 3.10 An XXE vulnerability exists in CASE Suite Versions 3.10 and prior when processing parameter entities, which may allow remote file disclosure. | 7.5 |
| 2017-02-13 | CVE-2016-10224 | 7PK - Security Features vulnerability in Sauter-Controls Novaweb web HMI An issue was discovered in Sauter NovaWeb web HMI. | 7.2 |