Vulnerability Description
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause code and session manipulation when malicious code is inserted into the browser. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior)
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Netbotz 355 Firmware | >= 4.0.0, <= 4.7.0 |
| Schneider-Electric | Netbotz 355 | - |
| Schneider-Electric | Netbotz 450 Firmware | >= 4.0.0, <= 4.7.0 |
| Schneider-Electric | Netbotz 450 | - |
| Schneider-Electric | Netbotz 455 Firmware | >= 4.0.0, <= 4.7.0 |
| Schneider-Electric | Netbotz 455 | - |
| Schneider-Electric | Netbotz 550 Firmware | >= 4.0.0, <= 4.7.0 |
| Schneider-Electric | Netbotz 550 | - |
| Schneider-Electric | Netbotz 570 Firmware | >= 4.0.0, <= 4.7.0 |
| Schneider-Electric | Netbotz 570 | - |
Related Weaknesses (CWE)
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01&p_enDocPatchVendor Advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01&p_enDocPatchVendor Advisory
FAQ
What is CVE-2022-43376?
CVE-2022-43376 is a vulnerability with a CVSS score of 7.6 (HIGH). A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause code and session manipulation when malicious code is inserted in...
How severe is CVE-2022-43376?
CVE-2022-43376 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-43376?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Netbotz 355 Firmware, Schneider-Electric Netbotz 355, Schneider-Electric Netbotz 450 Firmware, Schneider-Electric Netbotz 450, Schneider-Electric Netbotz 455 Firmware.