Lucene search

SchneiderCVELIST:CVE-2022-43377

HistoryApr 18, 2023 - 7:56 p.m.

CVE-2022-43377

2023-04-1819:56:14

CWE-307

schneider

www.cve.org

cwe-307

improper restriction

excessive authentication attempts

netbotz 4

account takeover

brute force attack

v4.7.0

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

43.1%

JSON

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that
could cause account takeover when a brute force attack is performed on the account.

Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0

and prior)

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NetBotz 4 - 355/450/455/550/570",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "V4.7.0 and prior"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-312-01-NetBotz_4_Security_Notification.pdf

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

43.1%

JSON

Related for CVELIST:CVE-2022-43377