VDB
CVE-2022-43377
CVE-2022-43377
PUBLISHED
CVSS 7.5 HIGH
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover when a brute force attack is performed on the account. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior)
EPSS 0.25% · 48.6th percentile
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.25%
48.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| schneider-electric | netbotz_570_firmware | 4.0.0 |
| schneider-electric | netbotz_355_firmware | 4.0.0 |
| schneider-electric | netbotz_455_firmware | 4.0.0 |
| Schneider Electric | NetBotz 4 - 355/450/455/550/570 | V4.7.0 and prior |
| schneider-electric | netbotz_550_firmware | 4.0.0 |
| schneider-electric | netbotz_450_firmware | 4.0.0 |
Timeline
- Nov 8, 2022 CVE Published
- Apr 19, 2023 EPSS Score
- May 26, 2023 EPSS Score
- Jul 3, 2023 EPSS Score
- Aug 9, 2023 EPSS Score
- Sep 16, 2023 EPSS Score
- Oct 23, 2023 EPSS Score
- Nov 29, 2023 EPSS Score
- Jan 6, 2024 EPSS Score
- Feb 12, 2024 EPSS Score
- Mar 21, 2024 EPSS Score
- Apr 27, 2024 EPSS Score
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-312-01-NetBotz_4_Security_Notification.pdf url
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-159-04_ISaGRAF_Security_Notification.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-313-05_Badalloc_Vulnerabilities_Security_Notification.pdf advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-43377 advisory