CVE-2023-2265

Published Nov 30, 2023

Last updated a year ago

CVSS medium 6.1

Overview

Description: An Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user. See product Instruction Manual Appendix A dated 20230830 for more details.
Source: security@selinc.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-1021
security@selinc.com: CWE-1021

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49894C1C-F351-48C1-9B0C-ADEF9F15967F",
            "versionEndExcluding": "r118-v4",
            "versionStartIncluding": "r118-v0"
          },
          {
            "criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D50FA357-FD76-4D6E-BE33-F023EF8EA6D4",
            "versionEndExcluding": "r119-v5",
            "versionStartIncluding": "r119-v0"
          },
          {
            "criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2C5D52B-BE58-41ED-9660-88FCD87EBBBF",
            "versionEndExcluding": "r120-v6",
            "versionStartIncluding": "r120-v0"
          },
          {
            "criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97CF37D0-9DF4-4277-A948-57D0677361DE",
            "versionEndExcluding": "r121-v3",
            "versionStartIncluding": "r121-v0"
          },
          {
            "criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E81C049-DCDA-46D7-A3FD-337663171A4B",
            "versionEndExcluding": "r122-v3",
            "versionStartIncluding": "r122-v0"
          },
          {
            "criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B30BA03-4595-4537-B88A-7DB8D4E565F0",
            "versionEndExcluding": "r123-v3",
            "versionStartIncluding": "r123-v0"
          },
          {
            "criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A5DE8B0-BB5F-49E5-8039-6A7466E3265C",
            "versionEndExcluding": "r124-v3",
            "versionStartIncluding": "r124-v0"
          },
          {
            "criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "622B4133-6FDE-49D6-A768-ADFB0AB829A6",
            "versionEndExcluding": "r125-v3",
            "versionStartIncluding": "r125-v0"
          },
          {
            "criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B913BE75-D4F1-40C9-9450-C195C84E7EAE",
            "versionEndExcluding": "r126-v4",
            "versionStartIncluding": "r126-v0"
          },
          {
            "criteria": "cpe:2.3:o:selinc:sel-411l_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90C6D8F0-54F0-46CD-994C-524E9593EEE3",
            "versionEndExcluding": "r127-v2",
            "versionStartIncluding": "r127-v0"
          },
          {
            "criteria": "cpe:2.3:o:selinc:sel-411l_firmware:r128-v0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80116398-08C8-4571-B90D-E96530E0A17D"
          },
          {
            "criteria": "cpe:2.3:o:selinc:sel-411l_firmware:r129-v0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "59DB9510-A827-4E5C-B41F-CCB38837BCFB"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:selinc:sel-411l:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "775B0B13-EF38-4AAE-892D-975374673480"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References