Vulnerability Description
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover when a brute force attack is performed on the account. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior)
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Netbotz 355 Firmware | >= 4.0.0, <= 4.7.0 |
| Schneider-Electric | Netbotz 355 | - |
| Schneider-Electric | Netbotz 450 Firmware | >= 4.0.0, <= 4.7.0 |
| Schneider-Electric | Netbotz 450 | - |
| Schneider-Electric | Netbotz 455 Firmware | >= 4.0.0, <= 4.7.0 |
| Schneider-Electric | Netbotz 455 | - |
| Schneider-Electric | Netbotz 550 Firmware | >= 4.0.0, <= 4.7.0 |
| Schneider-Electric | Netbotz 550 | - |
| Schneider-Electric | Netbotz 570 Firmware | >= 4.0.0, <= 4.7.0 |
| Schneider-Electric | Netbotz 570 | - |
Related Weaknesses (CWE)
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01&p_enDoc (Patch, Vendor Advisory)
FAQ
What is CVE-2022-43377?
CVE-2022-43377 is a vulnerability with a CVSS score of 7.5 (HIGH). A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover when a brute force attack is performed on the account. Affected Pro...
How severe is CVE-2022-43377?
CVE-2022-43377 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-43377?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Netbotz 355 Firmware, Schneider-Electric Netbotz 355, Schneider-Electric Netbotz 450 Firmware, Schneider-Electric Netbotz 450, Schneider-Electric Netbotz 455 Firmware.