Lucene search

[email protected]NVD:CVE-2022-32515

HistoryJan 30, 2023 - 11:15 p.m.

CVE-2022-32515

2023-01-3023:15:10

CWE-307

[email protected]

web.nvd.nist.gov

cwe-307

excessive authentication attempts

brute force attacks

admin account

rate limit mechanism

conext combox

cve-2022-32515

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.002

Percentile

58.5%

JSON

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext™ ComBox (All Versions)

Affected configurations

Nvd

Node

schneider-electricconext_comboxMatch-

AND

schneider-electricconext_combox_firmwareMatch-

VendorProductVersionCPE
schneider-electricconext_combox-cpe:2.3:h:schneider-electric:conext_combox:-:*:*:*:*:*:*:*
schneider-electricconext_combox_firmware-cpe:2.3:o:schneider-electric:conext_combox_firmware:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
schneider-electric	conext_combox	-	cpe:2.3:h:schneider-electric:conext_combox:-:::::::*
schneider-electric	conext_combox_firmware	-	cpe:2.3:o:schneider-electric:conext_combox_firmware:-:::::::*

References

download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-03_ConextCombox_Security_Notification.pdf

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.002

Percentile

58.5%

JSON

Related for NVD:CVE-2022-32515

cvelist1 cve1 prion1