SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthori
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could access the system and modify the device configuration, which could result in the unauthorized user…
| Vendor | Product | Versions |
|---|---|---|
| SAUTER Controls | Nova 220 (EYK220F001) DDC with BACnet connection | Firmware all versions, BACnetstac all versions |
| SAUTER Controls | Nova 230 (EYK230F001) DDC with BACnet connection | Firmware all versions, BACnetstac all versions |
| SAUTER Controls | Nova 106 (EYK300F001) BACnet communication card | Firmware all versions, BACnetstac all versions |
| SAUTER Controls | moduNet300 (EY | AM300F001, EY-AM300F002) — Firmware all versions, BACnetstac all versions |
Not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. EPSS is the best forward-looking signal — see the EPSS row above.
For the full vendor write-up, exploit chains, and reference implementations, see the references list in section 09.
Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection in your stack of choice:
No directly-cited follow-up CVEs in the KB record for this advisory. The references list in section 09 carries the vendor cross-references.