What is CVE-2022-43376?

CVE-2022-43376 is a vulnerability that allows code and session manipulation through malicious code inserted into a web page.

Which products are affected by CVE-2022-43376?

NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior) firmware versions are affected by CVE-2022-43376.

What is the severity of CVE-2022-43376?

CVE-2022-43376 has a severity rating of 6.1 (High).

How can CVE-2022-43376 be exploited?

CVE-2022-43376 can be exploited by inserting malicious code into a browser.

Is there a fix for CVE-2022-43376?

Upgrading NetBotz 4 - 355/450/455/550/570 firmware to version 4.7.0 or later will fix CVE-2022-43376.

Vulnerability/
CVE-2022-43376

high

7.6

CWE

18/4/2023

3/8/2024

CVE-2022-43376: XSS

First published: Tue Apr 18 2023(Updated: )

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause code and session manipulation when malicious code is inserted into the browser. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior)

Credit: cybersecurity@se.com

Affected Software	Affected Version	How to fix
Schneider-electric Netbotz 355 Firmware	>=4.0.0<=4.7.0
Schneider-electric Netbotz 355
Schneider-electric Netbotz 450 Firmware	>=4.0.0<=4.7.0
Schneider-electric Netbotz 450
Schneider-electric Netbotz 455 Firmware	>=4.0.0<=4.7.0
Schneider-electric Netbotz 455
Schneider-electric Netbotz 550 Firmware	>=4.0.0<=4.7.0
Schneider-electric Netbotz 550
Schneider-electric Netbotz 570 Firmware	>=4.0.0<=4.7.0
Schneider-electric Netbotz 570

Remedy

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-312-01-NetBotz_4_Security_Notification.pdf

Never miss a vulnerability like this again

Reference Links

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-312-01-NetBotz_4_Security_Notification.pdf

Frequently Asked Questions

What is CVE-2022-43376?
CVE-2022-43376 is a vulnerability that allows code and session manipulation through malicious code inserted into a web page.
Which products are affected by CVE-2022-43376?
NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior) firmware versions are affected by CVE-2022-43376.
What is the severity of CVE-2022-43376?
CVE-2022-43376 has a severity rating of 6.1 (High).
How can CVE-2022-43376 be exploited?
CVE-2022-43376 can be exploited by inserting malicious code into a browser.
Is there a fix for CVE-2022-43376?
Upgrading NetBotz 4 - 355/450/455/550/570 firmware to version 4.7.0 or later will fix CVE-2022-43376.

collector/nvd-index
agent/references
agent/severity
agent/weakness
agent/author
agent/type
agent/event
agent/description
agent/remedy
agent/softwarecombine
agent/last-modified-date
agent/first-publish-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/schneider-electric
canonical/schneider-electric netbotz 355 firmware
version/schneider-electric netbotz 355 firmware/4.0.0
version/schneider-electric netbotz 355 firmware/4.7.0
canonical/schneider-electric netbotz 355
canonical/schneider-electric netbotz 450 firmware
version/schneider-electric netbotz 450 firmware/4.0.0
version/schneider-electric netbotz 450 firmware/4.7.0
canonical/schneider-electric netbotz 450
canonical/schneider-electric netbotz 455 firmware
version/schneider-electric netbotz 455 firmware/4.0.0
version/schneider-electric netbotz 455 firmware/4.7.0
canonical/schneider-electric netbotz 455
canonical/schneider-electric netbotz 550 firmware
version/schneider-electric netbotz 550 firmware/4.0.0
version/schneider-electric netbotz 550 firmware/4.7.0
canonical/schneider-electric netbotz 550
canonical/schneider-electric netbotz 570 firmware
version/schneider-electric netbotz 570 firmware/4.0.0
version/schneider-electric netbotz 570 firmware/4.7.0
canonical/schneider-electric netbotz 570