Vulnerabilities > CVE-2022-43377 - Improper Restriction of Excessive Authentication Attempts vulnerability in Schneider-Electric products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

schneider-electric

CWE-307

NVD

Published: 2023-04-18

Updated: 2023-04-25

Summary

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover when a brute force attack is performed on the account. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior)

Vulnerable Configurations

Part	Description	Count
OS	Schneider-Electric Schneider Electric Netbotz 355 Firmware * Schneider Electric Netbotz 450 Firmware * Schneider Electric Netbotz 455 Firmware * Schneider Electric Netbotz 550 Firmware * Schneider Electric Netbotz 570 Firmware *	5
Hardware	Schneider-Electric Schneider Electric Netbotz 355 - Schneider Electric Netbotz 450 - Schneider Electric Netbotz 455 - Schneider Electric Netbotz 550 - Schneider Electric Netbotz 570 -	5

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-312-01-NetBotz_4_Security_Notification.pdf