Improper Restriction of Excessive Authentication Attempts in Schneider Electric's Conext™ ComBox
CVE-2022-32515
8.6 HIGH
Summary
A vulnerability exists within Schneider Electric's Conext™ ComBox that permits excessive authentication attempts, potentially allowing malicious actors to execute brute-force attacks. If no effective rate limiting mechanism is implemented on the admin authentication form, attackers can exploit this vulnerability to take over admin accounts, compromising system security.
Affected Version(s)
Conext™ ComBox All Versions
References
CVSS V3.1
Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved