CVEs (4)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Schneider Electric 1Conext Combox Firmware Nov 21, 2024 Jan 30, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the pr...Show more |
1Schneider Electric 1Conext Combox Firmware Nov 21, 2024 Jan 30, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). Affe...Show more |
1Schneider Electric 1Conext Combox Firmware Nov 21, 2024 Jan 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on...Show more |
1Schneider Electric 1Conext Combox Firmware Nov 21, 2024 Feb 11, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause Sensitive data such as login credentials being exposed when a Network is sniffed. Affected Product: Conext� ComBox (All Versions) |