Sauter NovaWeb Web HMI Authentication Bypass Vulnerability
Monitor | 7.2 | ICS-CERT ICSA-16-343-02 | Sep 11, 2016
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary
Sauter NovaWeb web HMI contains an authentication bypass vulnerability (CWE-784) affecting all versions. An authenticated user with engineering or operator credentials could exploit the flaw to access restricted functions or escalate privileges. The vendor has not released a patch for this issue.
What this means
What could happen
An attacker with engineering or operator credentials could bypass authentication checks and access the HMI with higher privileges, potentially modifying process parameters, alarm settings, or stopping production operations.
Who's at risk
Manufacturing facilities relying on Sauter NovaWeb for HVAC, building automation, or process control HMI functions. This affects any operator or engineering staff who interact with the web interface, as well as production processes controlled through the system.
How it could be exploited
An attacker with valid engineering or operator account credentials logs into the NovaWeb HMI over the network, then exploits the authentication bypass flaw to escalate privileges or access restricted functions without proper authorization checks.
Prerequisites
- Valid engineering or operator credentials for the NovaWeb HMI
- Network access to the NovaWeb web interface (typically port 80/443)
- Authentication bypass vulnerability exists in the target version
Tags: remotely exploitable; high privilege requirements to bypass; no patch available; affects control system interface
Exploitability
Low exploit probability (EPSS 0.9%)
Affected products (1)
Product | Affected Versions | Fix Status
NovaWeb web HMI (vers:all/*) | All versions | No fix (EOL)
Remediation & Mitigation
Do now
- [Hardening] Restrict network access to the NovaWeb HMI interface using firewall rules; limit connections to authorized engineering workstations and administrative networks only
- [Hardening] Enforce strong, unique passwords for all engineering and operator accounts on the HMI
- [Hardening] Monitor HMI login attempts and access logs for unusual activity or unauthorized privilege escalation attempts
Mitigations - no patch available
NovaWeb web HMI (vers:all/*) has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- [Hardening] Implement network segmentation to isolate the HMI on a protected control network separate from corporate IT
- [Hardening] Evaluate upgrade or replacement options for NovaWeb; contact Sauter for end-of-life status and long-term support availability
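The monitoring control above ("watch access logs for unauthorized privilege escalation attempts") is the one compensating control that needs some logic behind it. The script below is an added example, not part of the advisory and not Sauter's code: NovaWeb's real log format is not documented here, so the sample lines are constructed in a generic web-server style, and the path-to-role policy and account directory are hypothetical tables an operator would fill in for their own deployment. It flags two things a defender cares about for an authentication-bypass class bug: a successful (2xx/3xx) request by an account whose assigned role is below what the requested path requires, and bursts of failed logins from one client.

```python
"""Access-log review for an HMI with a known authentication-bypass weakness.

Added example; assumptions (not from the advisory): log line format,
URL prefixes, role names and the account-to-role mapping are all constructed.
"""
import re
from collections import Counter

# Hypothetical least-privilege policy: minimum role required per URL prefix.
ROLE_RANK = {"viewer": 0, "operator": 1, "engineer": 2, "admin": 3}
PATH_POLICY = [
    ("/admin/", "admin"),
    ("/config/", "engineer"),
    ("/setpoint/", "operator"),
    ("/view/", "viewer"),
]
# Hypothetical export of the HMI's user management (account -> assigned role).
ACCOUNT_ROLES = {"op1": "operator", "eng1": "engineer", "view1": "viewer"}

# Constructed line shape: client user [timestamp] "METHOD path HTTP/x.y" status
LOG_RE = re.compile(
    r'^(?P<client>\S+) (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})$'
)


def required_role(path):
    """Return the minimum role for a path; unknown paths default to 'admin' (default-deny)."""
    for prefix, role in PATH_POLICY:
        if path.startswith(prefix):
            return role
    return "admin"


def parse_line(line):
    """Parse one constructed-format log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def analyse(lines, failed_login_threshold=3):
    """Return a list of (kind, detail) findings for the given log lines."""
    findings = []
    failed_logins = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            findings.append(("unparsed", line.strip()))
            continue
        user, path, status = rec["user"], rec["path"], int(rec["status"])
        # Failed authentication attempts are counted per (client, account).
        if path.startswith("/login") and status in (401, 403):
            failed_logins[(rec["client"], user)] += 1
            continue
        if user == "-" or status >= 400:
            continue  # anonymous, or the server already refused the request
        have = ACCOUNT_ROLES.get(user, "viewer")   # unknown accounts treated as lowest role
        need = required_role(path)
        if ROLE_RANK[have] < ROLE_RANK[need]:
            findings.append((
                "privilege_mismatch",
                f"{user} ({have}) reached {path} (needs {need}) from {rec['client']}",
            ))
    for (client, user), n in failed_logins.items():
        if n >= failed_login_threshold:
            findings.append(("failed_login_burst", f"{n} failed logins for {user} from {client}"))
    return findings


# Constructed sample log: one operator account reaching an engineer-only path,
# a short burst of failed logins, and one line the parser cannot read.
SAMPLE_LOG = [
    '10.0.5.12 op1 [08/Dec/2016:09:01:02 +0000] "GET /view/overview HTTP/1.1" 200',
    '10.0.5.12 op1 [08/Dec/2016:09:01:10 +0000] "POST /setpoint/ahu1 HTTP/1.1" 200',
    '10.0.5.12 op1 [08/Dec/2016:09:02:30 +0000] "POST /config/alarms HTTP/1.1" 200',
    '10.0.5.12 op1 [08/Dec/2016:09:02:45 +0000] "GET /admin/users HTTP/1.1" 403',
    '10.0.9.40 - [08/Dec/2016:09:03:01 +0000] "POST /login HTTP/1.1" 401',
    '10.0.9.40 - [08/Dec/2016:09:03:03 +0000] "POST /login HTTP/1.1" 401',
    '10.0.9.40 - [08/Dec/2016:09:03:05 +0000] "POST /login HTTP/1.1" 401',
    '10.0.5.20 eng1 [08/Dec/2016:09:04:00 +0000] "POST /config/alarms HTTP/1.1" 200',
    'this line is not in the expected format',
]

if __name__ == "__main__":
    for kind, detail in analyse(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```

The check deliberately looks only at requests the server answered successfully: a 403 on an admin path is the HMI doing its job, while a 200 on a path above the account's role is exactly the symptom of an authorization check being skipped. Unparsed lines are reported rather than dropped so a format change in the real product does not silently blind the review.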
CVEs (1)