7.5

CVE-2022-43377





A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that
could cause account takeover when a brute force attack is performed on the account.



 Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0

 and prior)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Schneider-electricNetbotz 355 Firmware Version >= 4.0.0 <= 4.7.0
   Schneider-electricNetbotz 355 Version-
Schneider-electricNetbotz 450 Firmware Version >= 4.0.0 <= 4.7.0
   Schneider-electricNetbotz 450 Version-
Schneider-electricNetbotz 455 Firmware Version >= 4.0.0 <= 4.7.0
   Schneider-electricNetbotz 455 Version-
Schneider-electricNetbotz 550 Firmware Version >= 4.0.0 <= 4.7.0
   Schneider-electricNetbotz 550 Version-
Schneider-electricNetbotz 570 Firmware Version >= 4.0.0 <= 4.7.0
   Schneider-electricNetbotz 570 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.28% 0.512
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cybersecurity@se.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.