Conext ComBox
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-6019 | | Hig | 0.55 | 7.5 | 0.37 | | Apr 7, 2017 | An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. A series of rapid requests to the device may cause it to reboot. |
| CVE-2022-32515 | | | 0.00 | — | 0.01 | | Jan 30, 2023 | A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext™… |
| CVE-2022-32516 | | | 0.00 | — | 0.00 | | Jan 30, 2023 | A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). Affected Products: Conext™ ComBox (All Versions) |
| CVE-2022-32517 | | | 0.00 | — | 0.00 | | Jan 30, 2023 | A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to… |