CVE-2022-43378

Published: Apr 18, 2023Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause the user to be tricked into performing unintended actions when external address frames are not properly restricted. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior)

Affected (5)

Products: Schneider Electric: Netbotz 355 Firmware, Netbotz 450 Firmware, Netbotz 455 Firmware, Netbotz 550 Firmware, Netbotz 570 Firmware

5 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Netbotz 355 Firmware	From 4.0.0 to 4.7.0

Running on/with	Platform Versions
Schneider Electric Netbotz 355	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Netbotz 450 Firmware	From 4.0.0 to 4.7.0

Running on/with	Platform Versions
Schneider Electric Netbotz 450	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Netbotz 455 Firmware	From 4.0.0 to 4.7.0

Running on/with	Platform Versions
Schneider Electric Netbotz 455	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Netbotz 550 Firmware	From 4.0.0 to 4.7.0

Running on/with	Platform Versions
Schneider Electric Netbotz 550	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Netbotz 570 Firmware	From 4.0.0 to 4.7.0

Running on/with	Platform Versions
Schneider Electric Netbotz 570	All versions

Related CWEs

CWE-1021

Improper Restriction of Rendered UI Layers or Frames

The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.

References (2)

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-312-01-NetBotz_4_Security_Notification.pdf

Source: cybersecurity@se.com

PatchVendor Advisory

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-312-01-NetBotz_4_Security_Notification.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.