CVE-2022-43377

HIGH

Schneider Electric NetBotz 355/450/455/550/570 < 4.7.0 - Excessive Authentication Attempts

Title source: llm

Description

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover when a brute force attack is performed on the account. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior)

References (1)

Core 1

Core References

Patch, Vendor Advisory

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-312-01-NetBotz_4_Security_Notification.pdf

Scores

CVSS v3 7.5

EPSS 0.0025

EPSS Percentile 48.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-307

Status published

Products (5)

schneider-electric/netbotz_355_firmware 4.0.0 - 4.7.0

schneider-electric/netbotz_450_firmware 4.0.0 - 4.7.0

schneider-electric/netbotz_455_firmware 4.0.0 - 4.7.0

schneider-electric/netbotz_550_firmware 4.0.0 - 4.7.0

schneider-electric/netbotz_570_firmware 4.0.0 - 4.7.0

Published Apr 18, 2023

Tracked Since Feb 18, 2026