VDB
CVE-2022-43376
CVE-2022-43376
PUBLISHED
CVSS 7.599999904632568 HIGH
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause code and session manipulation when malicious code is inserted into the browser. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior)
EPSS 0.54% · 68.1th percentile
Risk Scores
CVSS 3.1
7.599999904632568
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L
EPSS Score
0.54%
68.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| schneider-electric | netbotz_455_firmware | 4.0.0 |
| schneider-electric | netbotz_450_firmware | 4.0.0 |
| schneider-electric | netbotz_355_firmware | 4.0.0 |
| schneider-electric | netbotz_570_firmware | 4.0.0 |
| schneider-electric | netbotz_550_firmware | 4.0.0 |
| Schneider Electric | NetBotz 4 - 355/450/455/550/570 | V4.7.0 and prior |
Exploit Intelligence
Timeline
- Apr 18, 2023 CVE Published
- Apr 19, 2023 EPSS Score
- May 26, 2023 EPSS Score
- Jul 3, 2023 EPSS Score
- Aug 9, 2023 EPSS Score
- Sep 16, 2023 EPSS Score
- Oct 23, 2023 EPSS Score
- Nov 30, 2023 EPSS Score
- Jan 6, 2024 EPSS Score
- Feb 13, 2024 EPSS Score
- Mar 21, 2024 EPSS Score
- Apr 28, 2024 EPSS Score
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-312-01-NetBotz_4_Security_Notification.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-159-04_ISaGRAF_Security_Notification.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-313-05_Badalloc_Vulnerabilities_Security_Notification.pdf advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-43376 advisory