Vulnerabilities > CVE-2022-43378 - Improper Restriction of Rendered UI Layers or Frames vulnerability in Schneider-Electric products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

schneider-electric

CWE-1021

NVD

Published: 2023-04-18

Updated: 2023-04-27

Summary

A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause the user to be tricked into performing unintended actions when external address frames are not properly restricted. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior)

Vulnerable Configurations

Part	Description	Count
OS	Schneider-Electric Schneider Electric Netbotz 355 Firmware * Schneider Electric Netbotz 450 Firmware * Schneider Electric Netbotz 455 Firmware * Schneider Electric Netbotz 550 Firmware * Schneider Electric Netbotz 570 Firmware *	5
Hardware	Schneider-Electric Schneider Electric Netbotz 355 - Schneider Electric Netbotz 450 - Schneider Electric Netbotz 455 - Schneider Electric Netbotz 550 - Schneider Electric Netbotz 570 -	5

Common Weakness Enumeration (CWE)

CWE-1021 - Improper Restriction of Rendered UI Layers or Frames

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-312-01-NetBotz_4_Security_Notification.pdf