CVE-2022-43378

CWE-1021 — Clickjacking3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 47.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Netbotz 355 Firmware Schneider-electric Netbotz 450 Firmware Schneider-electric Netbotz 455 Firmware +3 more

Timeline

PublishedApr 18

Latest updateJul 6

Description

A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause the user to be tricked into performing unintended actions when external address frames are not properly restricted. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

▶NVDschneider-electric/netbotz_355_firmware4.0.0 — 4.7.0

▶NVDschneider-electric/netbotz_450_firmware4.0.0 — 4.7.0

▶NVDschneider-electric/netbotz_455_firmware4.0.0 — 4.7.0

▶NVDschneider-electric/netbotz_550_firmware4.0.0 — 4.7.0

▶NVDschneider-electric/netbotz_570_firmware4.0.0 — 4.7.0

Patches

Patch: download.schneider-electric.com ↗Patch: download.schneider-electric.com ↗

🔴Vulnerability Details

GHSA

GHSA-7x83-244x-q653: A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause the user to be tricked into performing unintend↗2023-07-06

▶

CVEList

CVE-2022-43378: A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause the user to be tricked into performing unintend↗2023-04-18

▶