Vulnerabilities (CVE)

Filtered by vendor Schneider-electric Subscribe
Filtered by product Conext Combox
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-32516 1 Schneider-electric 2 Conext Combox, Conext Combox Firmware 2024-02-28 N/A 6.5 MEDIUM
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). Affected Products: Conext™ ComBox (All Versions)
CVE-2022-32517 1 Schneider-electric 2 Conext Combox, Conext Combox Firmware 2024-02-28 N/A 6.5 MEDIUM
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames on external addresses. Affected Products: Conext™ ComBox (All Versions)
CVE-2022-32515 1 Schneider-electric 2 Conext Combox, Conext Combox Firmware 2024-02-28 N/A 9.8 CRITICAL
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext™ ComBox (All Versions)
CVE-2021-22798 1 Schneider-electric 2 Conext Combox, Conext Combox Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause Sensitive data such as login credentials being exposed when a Network is sniffed. Affected Product: Conext? ComBox (All Versions)