Lucene search
HistoryApr 18, 2023 - 8:15 p.m.
CVE-2022-43377
cve-2022-43377
cwe-307
improper restriction
excessive authentication attempts
account takeover
netbotz 4
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
43.1%
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that
could cause account takeover when a brute force attack is performed on the account.
Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0
and prior)
Affected configurations
Node
schneider-electricnetbotz_355_firmwareRange4.0.0–4.7.0
schneider-electricnetbotz_355Match-
Node
schneider-electricnetbotz_450_firmwareRange4.0.0–4.7.0
schneider-electricnetbotz_450Match-
Node
schneider-electricnetbotz_455_firmwareRange4.0.0–4.7.0
schneider-electricnetbotz_455Match-
Node
schneider-electricnetbotz_550_firmwareRange4.0.0–4.7.0
schneider-electricnetbotz_550Match-
Node
schneider-electricnetbotz_570_firmwareRange4.0.0–4.7.0
schneider-electricnetbotz_570Match-
| CPE | Name | Operator | Version |
|---|---|---|---|
| schneider-electric:netbotz_355_firmware | schneider-electric netbotz 355 firmware | le | 4.7.0 |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "NetBotz 4 - 355/450/455/550/570",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "V4.7.0 and prior"
}
]
}
]Related
nvd
nvd
CVE-2022-43377
2023-04-18 20:15:10
prion
prion
Authentication flaw
2023-04-18 20:15:00
cvelist
cvelist
CVE-2022-43377
2023-04-18 19:56:14
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
43.1%
Related for CVE-2022-43377