CVE-2022-32515 — Vulnetix

CVE-2022-32515 PUBLISHED CVSS 8.600000381469727 HIGH

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext™ ComBox (All Versions)

EPSS 0.26% · 49.3th percentile

Risk Scores

CVSS 3.1

8.600000381469727

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

EPSS Score

0.26%

49.3th percentile

Affected Products

Vendor	Product	Versions
Schneider Electric	Conext™ ComBox	All Versions
schneider-electric	conext_combox_firmware

Exploit Intelligence

https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-03_ConextCombox_Security_Notification.pdf (circl)

Timeline

Jun 15, 2022 CVE Published
Aug 19, 2022 CVE Updated
Jan 31, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 12, 2023 EPSS Score
Apr 21, 2023 EPSS Score
Jun 1, 2023 EPSS Score
Jul 11, 2023 EPSS Score
Aug 20, 2023 EPSS Score
Sep 29, 2023 EPSS Score
Nov 8, 2023 EPSS Score
Dec 18, 2023 EPSS Score

References

Open in Interactive Console →