Vulnerability Details CVE-2022-43378
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that
could cause the user to be tricked into performing unintended actions when external address
frames are not properly restricted.
Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0
and prior)
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.6%
CVSS Severity
CVSS v3 Score 6.5
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-312-01-NetBotz_4_Security_Notification.pdf
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-312-01-NetBotz_4_Security_Notification.pdf
Products affected by CVE-2022-43378
-
cpe:2.3:h:schneider-electric:netbotz_355:-
-
cpe:2.3:h:schneider-electric:netbotz_450:-
-
cpe:2.3:h:schneider-electric:netbotz_455:-
-
cpe:2.3:h:schneider-electric:netbotz_550:-
-
cpe:2.3:h:schneider-electric:netbotz_570:-
-
cpe:2.3:o:schneider-electric:netbotz_355_firmware:*
-
cpe:2.3:o:schneider-electric:netbotz_450_firmware:*
-
cpe:2.3:o:schneider-electric:netbotz_455_firmware:*
-
cpe:2.3:o:schneider-electric:netbotz_550_firmware:*
-
cpe:2.3:o:schneider-electric:netbotz_570_firmware:*