CVE-2022-43377

EUVD-2022-46416




A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that
could cause account takeover when a brute force attack is performed on the account.



 Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0

 and prior)
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
schneiderCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
Affected Products (NVD)
VendorProductVersion
schneider-electricnetbotz_355_firmware
4.0.0 ≤
𝑥
≤ 4.7.0
schneider-electricnetbotz_450_firmware
4.0.0 ≤
𝑥
≤ 4.7.0
schneider-electricnetbotz_455_firmware
4.0.0 ≤
𝑥
≤ 4.7.0
schneider-electricnetbotz_550_firmware
4.0.0 ≤
𝑥
≤ 4.7.0
schneider-electricnetbotz_570_firmware
4.0.0 ≤
𝑥
≤ 4.7.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-312-01-NetBotz_4_Security_Notification.pdf
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-312-01-NetBotz_4_Security_Notification.pdf