CVE-2022-43376



A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site
Scripting') vulnerability exists that could cause code and session manipulation when malicious
code is inserted into the browser.

 Affected Products: NetBotz 4 - 355/450/455/550/570(V4.7.0

 and prior)
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L
schneiderCNA
7.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
schneider-electricnetbotz_355_firmware
4.0.0 ≤
𝑥
≤ 4.7.0
schneider-electricnetbotz_450_firmware
4.0.0 ≤
𝑥
≤ 4.7.0
schneider-electricnetbotz_455_firmware
4.0.0 ≤
𝑥
≤ 4.7.0
schneider-electricnetbotz_550_firmware
4.0.0 ≤
𝑥
≤ 4.7.0
schneider-electricnetbotz_570_firmware
4.0.0 ≤
𝑥
≤ 4.7.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-312-01-NetBotz_4_Security_Notification.pdf
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-312-01-NetBotz_4_Security_Notification.pdf