VDB
SEVD-2022-312-01
SEVD-2022-312-01
PUBLISHED
CVSS 8.800000190734863 HIGH
Schneider Electric is aware of multiple vulnerabilities in its NetBotz 4 - 355/450/455/550/570 products. The NetBotz 4 - 355/450/455/550/570 products are security and environmental monitors providing temperature, humidity, leak, smoke, vibration, door contact, and video monitoring capabilities. Failure to apply the remediation provided below may risk device attacks which could result in device manipulation and unauthorized device access. February 2023 Update: The CVSS scores were updated.
Risk Scores
CVSS v3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider Electric NetBotz 4 - 355 4.7.2 | ||
| Schneider Electric NetBotz 4 - 570 4.7.2 | ||
| Schneider Electric NetBotz 4 - 450 4.7.2 | ||
| Schneider Electric NetBotz 4 - 570 version 4.7.0 and prior | ||
| Schneider Electric NetBotz 4 - 450 version 4.7.0 and prior | ||
| Schneider Electric NetBotz 4 - 455 version 4.7.0 and prior | ||
| Schneider Electric NetBotz 4 - 550 4.7.2 | ||
| Schneider Electric NetBotz 4 - 455 4.7.2 | ||
| Schneider Electric NetBotz 4 - 355 version 4.7.0 and prior | ||
| Schneider Electric NetBotz 4 - 550 version 4.7.0 and prior |
Timeline
- Nov 8, 2022 CVE Published
- Feb 14, 2023 CVE Updated
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-312-01-NetBotz_4_Security_Notification.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2022-312-01.json advisory
- https://www.se.com/us/en/download/document/7EN52-0390/ url
- https://download.schneider-electric.com/files?p_enDocType=Firmware&p_Doc_Ref=APC_SFNBZ_472_EN&p_File_Name=SFNBZ472.zip fix