CVE-2022-43378 - OpenCVE

A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause the user to be tricked into performing unintended actions when external address frames are not properly restricted. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior)

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Schneider-electric	Netbotz 355 Netbotz 355 Firmware Netbotz 450 Netbotz 450 Firmware Netbotz 455 Netbotz 455 Firmware Netbotz 550 Netbotz 550 Firmware Netbotz 570 Netbotz 570 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:schneider-electric:netbotz_355_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:netbotz_355:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:schneider-electric:netbotz_450_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:netbotz_450:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:schneider-electric:netbotz_455_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:netbotz_455:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:schneider-electric:netbotz_550_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:netbotz_550:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:schneider-electric:netbotz_570_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:netbotz_570:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-312-01-NetBotz_4_Security_Notification.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: schneider

Published: 2023-04-18T20:06:36.818Z

Updated: 2024-08-03T13:32:58.010Z

Reserved: 2022-10-17T16:42:12.652Z

Link: CVE-2022-43378

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-04-18T21:15:07.647

Modified: 2023-04-27T19:31:42.067

Link: CVE-2022-43378

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-43378", "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "state": "PUBLISHED", "assignerShortName": "schneider", "dateReserved": "2022-10-17T16:42:12.652Z", "datePublished": "2023-04-18T20:06:36.818Z", "dateUpdated": "2024-08-03T13:32:58.010Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "NetBotz 4 - 355/450/455/550/570", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "V4.7.0 and prior"}]}], "datePublic": "2022-11-08T08:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n\n\n\n\n\n\nA CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that\ncould cause the user to be tricked into performing unintended actions when external address\nframes are not properly restricted.\n\n\n\n\n\n Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0\n\n and prior)"}], "value": "\n\n\n\n\n\n\nA CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that\ncould cause the user to be tricked into performing unintended actions when external address\nframes are not properly restricted.\n\n\n\n\n\n Affected Products: NetBotz 4 - 355/450/455/550/570\u00a0(V4.7.0\n\n and prior)"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1021", "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider", "dateUpdated": "2023-04-18T20:06:36.818Z"}, "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-312-01-NetBotz_4_Security_Notification.pdf"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:32:58.010Z"}, "title": "CVE Program Container", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-312-01-NetBotz_4_Security_Notification.pdf", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:netbotz_355_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "49CC6F3B-4CA5-423A-BBCD-B06823117557", "versionEndIncluding": "4.7.0", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:netbotz_355:-:*:*:*:*:*:*:*", "matchCriteriaId": "77F177F5-1863-4AF9-81A8-1044ECBD7984", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:netbotz_450_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D19ED56-46B2-49F4-931C-15CA50D17AAA", "versionEndIncluding": "4.7.0", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:netbotz_450:-:*:*:*:*:*:*:*", "matchCriteriaId": "19C9F31A-BFF1-4BE4-86C4-D3B3578152A0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:netbotz_455_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC27E834-8A75-4F2F-A300-2990AF2796A5", "versionEndIncluding": "4.7.0", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:netbotz_455:-:*:*:*:*:*:*:*", "matchCriteriaId": "C41630CB-CE60-4979-A0F9-5F66C5C69629", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:netbotz_550_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3A7BE2F-9AFD-4524-97DE-45855381A3D5", "versionEndIncluding": "4.7.0", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:netbotz_550:-:*:*:*:*:*:*:*", "matchCriteriaId": "C55DCA01-8401-4002-8692-F26B7A50BCA9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:netbotz_570_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "62990842-7902-4AF0-99EE-31188AACCA5A", "versionEndIncluding": "4.7.0", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:netbotz_570:-:*:*:*:*:*:*:*", "matchCriteriaId": "3307CFF4-C9A5-40D4-9B1A-B8D06839BC75", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\n\n\n\n\n\n\nA CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that\ncould cause the user to be tricked into performing unintended actions when external address\nframes are not properly restricted.\n\n\n\n\n\n Affected Products: NetBotz 4 - 355/450/455/550/570\u00a0(V4.7.0\n\n and prior)"}], "id": "CVE-2022-43378", "lastModified": "2023-04-27T19:31:42.067", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "cybersecurity@se.com", "type": "Secondary"}]}, "published": "2023-04-18T21:15:07.647", "references": [{"source": "cybersecurity@se.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-312-01-NetBotz_4_Security_Notification.pdf"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1021"}], "source": "cybersecurity@se.com", "type": "Primary"}]}