Vulnerabilities > Sauter Controls

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2023-03-27 | CVE-2023-22300 | Cross-site Scripting vulnerability in Sauter-Controls Ey-As525F001 Firmware | An unauthenticated remote attacker could force all authenticated users, such as administrative users, to perform unauthorized actions by viewing the logs. | network | low complexity | sauter-controls | CWE-79 | 6.1 |
| 2023-03-27 | CVE-2023-27927 | Cleartext Transmission of Sensitive Information vulnerability in Sauter-Controls Ey-As525F001 Firmware | An authenticated malicious user could acquire the simple mail transfer protocol (SMTP) password in cleartext format, despite it being protected and hidden behind asterisks. | network | low complexity | sauter-controls | CWE-319 | 6.5 |
| 2023-03-27 | CVE-2023-28650 | Cross-site Scripting vulnerability in Sauter-Controls Ey-As525F001 Firmware | An unauthenticated remote attacker could provide a malicious link and trick an unsuspecting user into clicking on it. | network | low complexity | sauter-controls | CWE-79 | 6.1 |
| 2023-03-27 | CVE-2023-28652 | Unrestricted Upload of File with Dangerous Type vulnerability in Sauter-Controls Ey-As525F001 Firmware | An authenticated malicious user could successfully upload a malicious image, which could lead to a denial-of-service condition. | network | low complexity | sauter-controls | CWE-434 | 6.5 |
| 2023-03-27 | CVE-2023-28655 | Cross-site Scripting vulnerability in Sauter-Controls Ey-As525F001 Firmware | A malicious user could leverage this vulnerability to escalate privileges or perform unauthorized actions in the context of the targeted privileged users. | network | low complexity | sauter-controls | CWE-79 | 5.4 |
| 2023-03-02 | CVE-2023-0053 | Cleartext Transmission of Sensitive Information vulnerability in Sauter-Controls products | SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. | network | low complexity | sauter-controls | CWE-319 | 7.5 |
| 2023-01-20 | CVE-2023-0052 | Missing Authentication for Critical Function vulnerability in Sauter-Controls products | SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. | network | low complexity | sauter-controls | CWE-306 | 8.8 |
| 2022-10-31 | CVE-2022-40190 | Cross-site Scripting vulnerability in Sauter-Controls Moduweb Firmware 2.7.1 | SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting (XSS). | network | low complexity | sauter-controls | CWE-79 | 9.6 (critical) |
| 2018-11-02 | CVE-2018-17912 | XXE vulnerability in Sauter-Controls Case Suite 3.10 | An XXE vulnerability exists in CASE Suite Versions 3.10 and prior when processing parameter entities, which may allow remote file disclosure. | network | low complexity | sauter-controls | CWE-611 | 5.0 |
| 2017-02-13 | CVE-2016-10224 | 7PK - Security Features vulnerability in Sauter-Controls Novaweb web HMI | An issue was discovered in Sauter NovaWeb web HMI. | network | low complexity | sauter-controls | CWE-254 | 6.5 |