Authentication flaw

2023-04-1820:15:00

PRIOn knowledge base

www.prio-n.com

cwe-307

improper restriction

excessive authentication attempts

account takeover

brute force attack

netbotz 4

vulnerability

0.001 Low

EPSS

Percentile

43.1%

JSON

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that
could cause account takeover when a brute force attack is performed on the account.

Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0

and prior)

CPENameOperatorVersion
netbotz_355_firmwarege4.0.0
netbotz_355_firmwarele4.7.0
netbotz_450_firmwarege4.0.0
netbotz_450_firmwarele4.7.0
netbotz_455_firmwarege4.0.0
netbotz_455_firmwarele4.7.0
netbotz_550_firmwarege4.0.0
netbotz_550_firmwarele4.7.0
netbotz_570_firmwarege4.0.0
netbotz_570_firmwarele4.7.0

Name	Operator	Version
netbotz_355_firmware	ge	4.0.0
netbotz_355_firmware	le	4.7.0
netbotz_450_firmware	ge	4.0.0
netbotz_450_firmware	le	4.7.0
netbotz_455_firmware	ge	4.0.0
netbotz_455_firmware	le	4.7.0
netbotz_550_firmware	ge	4.0.0
netbotz_550_firmware	le	4.7.0
netbotz_570_firmware	ge	4.0.0
netbotz_570_firmware	le	4.7.0

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-312-01-NetBotz_4_Security_Notification.pdf

0.001 Low

EPSS

Percentile

43.1%

JSON

Related for PRION:CVE-2022-43377