Refine your search
3 vulnerabilities found for NetBotz 4 - 355/450/455/550/570 by Schneider Electric
CVE-2022-43378 (GCVE-0-2022-43378)
Vulnerability from cvelistv5
Published
2023-04-18 20:06
Modified
2025-02-05 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Summary
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that
could cause the user to be tricked into performing unintended actions when external address
frames are not properly restricted.
Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0
and prior)
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Schneider Electric | NetBotz 4 - 355/450/455/550/570 |
Version: V4.7.0 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:58.010Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-312-01-NetBotz_4_Security_Notification.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43378",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T19:50:30.759079Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T20:04:56.934Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NetBotz 4 - 355/450/455/550/570",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "V4.7.0 and prior"
}
]
}
],
"datePublic": "2022-11-08T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\n\n\n\nA CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that\ncould cause the user to be tricked into performing unintended actions when external address\nframes are not properly restricted.\n\n\n\n\n\n Affected Products: NetBotz 4 - 355/450/455/550/570\u0026nbsp;(V4.7.0\n\n and prior)"
}
],
"value": "\n\n\n\n\n\n\nA CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that\ncould cause the user to be tricked into performing unintended actions when external address\nframes are not properly restricted.\n\n\n\n\n\n Affected Products: NetBotz 4 - 355/450/455/550/570\u00a0(V4.7.0\n\n and prior)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-18T20:06:36.818Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-312-01-NetBotz_4_Security_Notification.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2022-43378",
"datePublished": "2023-04-18T20:06:36.818Z",
"dateReserved": "2022-10-17T16:42:12.652Z",
"dateUpdated": "2025-02-05T20:04:56.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43377 (GCVE-0-2022-43377)
Vulnerability from cvelistv5
Published
2023-04-18 19:56
Modified
2025-02-05 20:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-307 - Improper Restriction of Excessive Authentication Attempts
Summary
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that
could cause account takeover when a brute force attack is performed on the account.
Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0
and prior)
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Schneider Electric | NetBotz 4 - 355/450/455/550/570 |
Version: V4.7.0 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:57.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-312-01-NetBotz_4_Security_Notification.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43377",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T20:23:44.239581Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T20:24:49.039Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NetBotz 4 - 355/450/455/550/570",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "V4.7.0 and prior"
}
]
}
],
"datePublic": "2022-11-08T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\n\nA CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that\ncould cause account takeover when a brute force attack is performed on the account.\n\n\n\n Affected Products: NetBotz 4 - 355/450/455/550/570\u0026nbsp;(V4.7.0\n\n and prior)"
}
],
"value": "\n\n\n\n\nA CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that\ncould cause account takeover when a brute force attack is performed on the account.\n\n\n\n Affected Products: NetBotz 4 - 355/450/455/550/570\u00a0(V4.7.0\n\n and prior)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-18T19:56:14.189Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-312-01-NetBotz_4_Security_Notification.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2022-43377",
"datePublished": "2023-04-18T19:56:14.189Z",
"dateReserved": "2022-10-17T16:42:12.652Z",
"dateUpdated": "2025-02-05T20:24:49.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43376 (GCVE-0-2022-43376)
Vulnerability from cvelistv5
Published
2023-04-18 19:55
Modified
2025-02-05 20:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site
Scripting') vulnerability exists that could cause code and session manipulation when malicious
code is inserted into the browser.
Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0
and prior)
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Schneider Electric | NetBotz 4 - 355/450/455/550/570 |
Version: V4.7.0 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:58.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-312-01-NetBotz_4_Security_Notification.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43376",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T19:50:33.636877Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T20:05:07.304Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NetBotz 4 - 355/450/455/550/570",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "V4.7.0 and prior"
}
]
}
],
"datePublic": "2022-11-08T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\nA CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site\nScripting\u0027) vulnerability exists that could cause code and session manipulation when malicious\ncode is inserted into the browser.\n\n Affected Products: NetBotz 4 - 355/450/455/550/570\u0026nbsp;(V4.7.0\n\n and prior)"
}
],
"value": "\n\n\nA CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site\nScripting\u0027) vulnerability exists that could cause code and session manipulation when malicious\ncode is inserted into the browser.\n\n Affected Products: NetBotz 4 - 355/450/455/550/570\u00a0(V4.7.0\n\n and prior)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-18T19:55:07.347Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-312-01-NetBotz_4_Security_Notification.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2022-43376",
"datePublished": "2023-04-18T19:55:07.347Z",
"dateReserved": "2022-10-17T16:42:12.652Z",
"dateUpdated": "2025-02-05T20:05:07.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}