Lucene search

[email protected]NVD:CVE-2022-43377

HistoryApr 18, 2023 - 8:15 p.m.

CVE-2022-43377

2023-04-1820:15:10

CWE-307

[email protected]

web.nvd.nist.gov

cwe-307

improper restriction

excessive authentication attempts

account takeover

brute force attack

netbotz

vulnerability

security

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

43.1%

JSON

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that
could cause account takeover when a brute force attack is performed on the account.

Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0

and prior)

Affected configurations

NVD

Node

schneider-electricnetbotz_355_firmwareRange4.0.0–4.7.0

AND

schneider-electricnetbotz_355Match-

Node

schneider-electricnetbotz_450_firmwareRange4.0.0–4.7.0

AND

schneider-electricnetbotz_450Match-

Node

schneider-electricnetbotz_455_firmwareRange4.0.0–4.7.0

AND

schneider-electricnetbotz_455Match-

Node

schneider-electricnetbotz_550_firmwareRange4.0.0–4.7.0

AND

schneider-electricnetbotz_550Match-

Node

schneider-electricnetbotz_570_firmwareRange4.0.0–4.7.0

AND

schneider-electricnetbotz_570Match-

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-312-01-NetBotz_4_Security_Notification.pdf

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

43.1%

JSON

Related for NVD:CVE-2022-43377

cve1 prion1 cvelist1