CVE-2023-2265

Published: Nov 30, 2023Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

An Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user. See product Instruction Manual Appendix A dated 20230830 for more details.

Affected (12)

Products: Selinc: Sel 411l Firmware

Selinc

1 product

Sel 411l Firmware

Configuration A

12 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Selinc Sel 411l Firmware	From r118-v0 to r118-v4
Selinc Sel 411l Firmware	From r119-v0 to r119-v5
Selinc Sel 411l Firmware	From r120-v0 to r120-v6
Selinc Sel 411l Firmware	From r121-v0 to r121-v3
Selinc Sel 411l Firmware	From r122-v0 to r122-v3
Selinc Sel 411l Firmware	From r123-v0 to r123-v3
Selinc Sel 411l Firmware	From r124-v0 to r124-v3
Selinc Sel 411l Firmware	From r125-v0 to r125-v3
Selinc Sel 411l Firmware	From r126-v0 to r126-v4
Selinc Sel 411l Firmware	From r127-v0 to r127-v2
Selinc Sel 411l Firmware	Version r128-v0
Selinc Sel 411l Firmware	Version r129-v0

Running on/with	Platform Versions
Selinc Sel 411l	All versions

Related CWEs

CWE-1021

Improper Restriction of Rendered UI Layers or Frames

The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.

References (2)

https://selinc.com/support/security-notifications/external-reports/

Source: security@selinc.com

Vendor Advisory

https://selinc.com/support/security-notifications/external-reports/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.