Search
Find a vulnerability
Search criteria
8 vulnerabilities found for SEL-411L by Schweitzer Engineering Laboratories
CVE-2023-2267 (GCVE-0-2023-2267)
Vulnerability from nvd – Published: 2023-11-30 16:58 – Updated: 2024-08-02 06:19
VLAI
EPSS
VEX
Title
Improper input validation could lead to reflection injection attacks
Summary
An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user.
See product Instruction Manual Appendix A dated 20230830 for more details.
Severity
4.3 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-411L |
Affected:
R118-V0 , < R118-V4
(custom)
Affected: R119-V0 , < R119-V5 (custom) Affected: R120-V0 , < R120-V6 (custom) Affected: R121-V0 , < R121-V3 (custom) Affected: R122-V0 , < R122-V3 (custom) Affected: R123-V0 , < R123-V3 (custom) Affected: R124-V0 , < R124-V3 (custom) Affected: R125-V0 , < R125-V3 (custom) Affected: R126-V0 , < R126-V4 (custom) Affected: R127-V0 , < R127-V2 (custom) Affected: R128-V0 , < R128-V1 (custom) Affected: R129-V0 , < R129-V1 (custom) |
Date Public
2023-11-30 09:56
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SEL-411L",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R118-V4",
"status": "affected",
"version": "R118-V0",
"versionType": "custom"
},
{
"lessThan": "R119-V5",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R120-V6",
"status": "affected",
"version": "R120-V0",
"versionType": "custom"
},
{
"lessThan": "R121-V3",
"status": "affected",
"version": "R121-V0",
"versionType": "custom"
},
{
"lessThan": "R122-V3",
"status": "affected",
"version": "R122-V0",
"versionType": "custom"
},
{
"lessThan": "R123-V3",
"status": "affected",
"version": "R123-V0",
"versionType": "custom"
},
{
"lessThan": "R124-V3",
"status": "affected",
"version": "R124-V0",
"versionType": "custom"
},
{
"lessThan": "R125-V3",
"status": "affected",
"version": "R125-V0",
"versionType": "custom"
},
{
"lessThan": "R126-V4",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R127-V2",
"status": "affected",
"version": "R127-V0",
"versionType": "custom"
},
{
"lessThan": "R128-V1",
"status": "affected",
"version": "R128-V0",
"versionType": "custom"
},
{
"lessThan": "R129-V1",
"status": "affected",
"version": "R129-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sushant Mane, Parul Sindhwad, Imran Jamadar \u0026 Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India."
}
],
"datePublic": "2023-11-30T09:56:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user.\u003cbr\u003e\u003cbr\u003e\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\u003cbr\u003e"
}
],
"value": "An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-138",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-138 Reflection Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T16:58:44.063Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper input validation could lead to reflection injection attacks",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-2267",
"datePublished": "2023-11-30T16:58:44.063Z",
"dateReserved": "2023-04-24T23:21:10.937Z",
"dateUpdated": "2024-08-02T06:19:14.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2266 (GCVE-0-2023-2266)
Vulnerability from nvd – Published: 2023-11-30 16:57 – Updated: 2024-08-02 06:19
VLAI
EPSS
VEX
Title
Improper neutralization of input during web page generation could lead to cross-site scripting based attacks
Summary
An Improper neutralization of input during web page generation in the Schweitzer Engineering Laboratories SEL-411L could allow an attacker to generate cross-site scripting based attacks against an authorized and authenticated user.
See product Instruction Manual Appendix A dated 20230830 for more details.
Severity
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-411L |
Affected:
R118-V0 , < R118-V4
(custom)
Affected: R119-V0 , < R119-V5 (custom) Affected: R120-V0 , < R120-V6 (custom) Affected: R121-V0 , < R121-V3 (custom) Affected: R122-V0 , < R122-V3 (custom) Affected: R123-V0 , < R123-V3 (custom) Affected: R124-V0 , < R124-V3 (custom) Affected: R125-V0 , < R125-V3 (custom) Affected: R126-V0 , < R126-V4 (custom) Affected: R127-V0 , < R127-V2 (custom) Affected: R128-V0 , < R128-V1 (custom) Affected: R129-V0 , < R129-V1 (custom) |
Date Public
2023-11-30 09:56
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SEL-411L",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R118-V4",
"status": "affected",
"version": "R118-V0",
"versionType": "custom"
},
{
"lessThan": "R119-V5",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R120-V6",
"status": "affected",
"version": "R120-V0",
"versionType": "custom"
},
{
"lessThan": "R121-V3",
"status": "affected",
"version": "R121-V0",
"versionType": "custom"
},
{
"lessThan": "R122-V3",
"status": "affected",
"version": "R122-V0",
"versionType": "custom"
},
{
"lessThan": "R123-V3",
"status": "affected",
"version": "R123-V0",
"versionType": "custom"
},
{
"lessThan": "R124-V3",
"status": "affected",
"version": "R124-V0",
"versionType": "custom"
},
{
"lessThan": "R125-V3",
"status": "affected",
"version": "R125-V0",
"versionType": "custom"
},
{
"lessThan": "R126-V4",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R127-V2",
"status": "affected",
"version": "R127-V0",
"versionType": "custom"
},
{
"lessThan": "R128-V1",
"status": "affected",
"version": "R128-V0",
"versionType": "custom"
},
{
"lessThan": "R129-V1",
"status": "affected",
"version": "R129-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sushant Mane, Parul Sindhwad, Imran Jamadar \u0026 Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India."
}
],
"datePublic": "2023-11-30T09:56:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An\u0026nbsp;Improper neutralization of input during web page generation in the Schweitzer Engineering Laboratories SEL-411L\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow an attacker to generate cross-site scripting based attacks against an authorized and authenticated user.\u003cbr\u003e\u003cbr\u003e\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "An\u00a0Improper neutralization of input during web page generation in the Schweitzer Engineering Laboratories SEL-411L\u00a0could allow an attacker to generate cross-site scripting based attacks against an authorized and authenticated user.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T16:58:00.174Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper neutralization of input during web page generation could lead to cross-site scripting based attacks",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-2266",
"datePublished": "2023-11-30T16:57:34.955Z",
"dateReserved": "2023-04-24T23:21:09.897Z",
"dateUpdated": "2024-08-02T06:19:14.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2265 (GCVE-0-2023-2265)
Vulnerability from nvd – Published: 2023-11-30 16:55 – Updated: 2024-08-02 06:19
VLAI
EPSS
VEX
Title
Improper restriction of rendered UI layers or frames could lead to clickjacking attack
Summary
An Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user.
See product Instruction Manual Appendix A dated 20230830 for more details.
Severity
4.3 (Medium)
CWE
- CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-411L |
Affected:
R118-V0 , < R118-V4
(custom)
Affected: R119-V0 , < R119-V5 (custom) Affected: R120-V0 , < R120-V6 (custom) Affected: R121-V0 , < R121-V3 (custom) Affected: R122-V0 , < R122-V3 (custom) Affected: R123-V0 , < R123-V3 (custom) Affected: R124-V0 , < R124-V3 (custom) Affected: R125-V0 , < R125-V3 (custom) Affected: R126-V0 , < R126-V4 (custom) Affected: R127-V0 , < R127-V2 (custom) Affected: R128-V0 , < R128-V1 (custom) Affected: R129-V0 , < R129-V1 (custom) |
Date Public
2023-11-30 09:56
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SEL-411L",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R118-V4",
"status": "affected",
"version": "R118-V0",
"versionType": "custom"
},
{
"lessThan": "R119-V5",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R120-V6",
"status": "affected",
"version": "R120-V0",
"versionType": "custom"
},
{
"lessThan": "R121-V3",
"status": "affected",
"version": "R121-V0",
"versionType": "custom"
},
{
"lessThan": "R122-V3",
"status": "affected",
"version": "R122-V0",
"versionType": "custom"
},
{
"lessThan": "R123-V3",
"status": "affected",
"version": "R123-V0",
"versionType": "custom"
},
{
"lessThan": "R124-V3",
"status": "affected",
"version": "R124-V0",
"versionType": "custom"
},
{
"lessThan": "R125-V3",
"status": "affected",
"version": "R125-V0",
"versionType": "custom"
},
{
"lessThan": "R126-V4",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R127-V2",
"status": "affected",
"version": "R127-V0",
"versionType": "custom"
},
{
"lessThan": "R128-V1",
"status": "affected",
"version": "R128-V0",
"versionType": "custom"
},
{
"lessThan": "R129-V1",
"status": "affected",
"version": "R129-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sushant Mane, Parul Sindhwad, Imran Jamadar \u0026 Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India."
}
],
"datePublic": "2023-11-30T09:56:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An\u0026nbsp;Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user.\u003cbr\u003e\u003cbr\u003e\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\u003cbr\u003e"
}
],
"value": "An\u00a0Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-103",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-103 Clickjacking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T16:55:55.901Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper restriction of rendered UI layers or frames could lead to clickjacking attack",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-2265",
"datePublished": "2023-11-30T16:55:55.901Z",
"dateReserved": "2023-04-24T23:20:54.900Z",
"dateUpdated": "2024-08-02T06:19:14.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2264 (GCVE-0-2023-2264)
Vulnerability from nvd – Published: 2023-11-30 16:55 – Updated: 2025-06-03 02:31
VLAI
EPSS
VEX
Title
Improper input validition could lead to code injection
Summary
An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior.
See product Instruction Manual Appendix A dated 20230830 for more details.
Severity
4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-411L |
Affected:
R118-V0 , < R118-V4
(custom)
Affected: R119-V0 , < R119-V5 (custom) Affected: R120-V0 , < R120-V6 (custom) Affected: R121-V0 , < R121-V3 (custom) Affected: R122-V0 , < R122-V3 (custom) Affected: R123-V0 , < R123-V3 (custom) Affected: R124-V0 , < R124-V3 (custom) Affected: R125-V0 , < R125-V3 (custom) Affected: R126-V0 , < R126-V4 (custom) Affected: R127-V0 , < R127-V2 (custom) Affected: R128-V0 , < R128-V1 (custom) Affected: R129-V0 , < R129-V1 (custom) |
Date Public
2023-11-30 09:56
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.117Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2264",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-03T02:31:18.344412Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T02:31:35.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SEL-411L",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R118-V4",
"status": "affected",
"version": "R118-V0",
"versionType": "custom"
},
{
"lessThan": "R119-V5",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R120-V6",
"status": "affected",
"version": "R120-V0",
"versionType": "custom"
},
{
"lessThan": "R121-V3",
"status": "affected",
"version": "R121-V0",
"versionType": "custom"
},
{
"lessThan": "R122-V3",
"status": "affected",
"version": "R122-V0",
"versionType": "custom"
},
{
"lessThan": "R123-V3",
"status": "affected",
"version": "R123-V0",
"versionType": "custom"
},
{
"lessThan": "R124-V3",
"status": "affected",
"version": "R124-V0",
"versionType": "custom"
},
{
"lessThan": "R125-V3",
"status": "affected",
"version": "R125-V0",
"versionType": "custom"
},
{
"lessThan": "R126-V4",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R127-V2",
"status": "affected",
"version": "R127-V0",
"versionType": "custom"
},
{
"lessThan": "R128-V1",
"status": "affected",
"version": "R128-V0",
"versionType": "custom"
},
{
"lessThan": "R129-V1",
"status": "affected",
"version": "R129-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sushant Mane, Parul Sindhwad, Imran Jamadar \u0026 Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India."
}
],
"datePublic": "2023-11-30T09:56:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior.\u003cbr\u003e\u003cbr\u003e\n\n\u003cp\u003eSee product Instruction Manual Appendix A dated 20230830 for more details.\u003c/p\u003e"
}
],
"value": "An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T16:55:28.541Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper input validition could lead to code injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-2264",
"datePublished": "2023-11-30T16:55:28.541Z",
"dateReserved": "2023-04-24T23:18:40.218Z",
"dateUpdated": "2025-06-03T02:31:35.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2267 (GCVE-0-2023-2267)
Vulnerability from cvelistv5 – Published: 2023-11-30 16:58 – Updated: 2024-08-02 06:19
VLAI
EPSS
VEX
Title
Improper input validation could lead to reflection injection attacks
Summary
An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user.
See product Instruction Manual Appendix A dated 20230830 for more details.
Severity
4.3 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-411L |
Affected:
R118-V0 , < R118-V4
(custom)
Affected: R119-V0 , < R119-V5 (custom) Affected: R120-V0 , < R120-V6 (custom) Affected: R121-V0 , < R121-V3 (custom) Affected: R122-V0 , < R122-V3 (custom) Affected: R123-V0 , < R123-V3 (custom) Affected: R124-V0 , < R124-V3 (custom) Affected: R125-V0 , < R125-V3 (custom) Affected: R126-V0 , < R126-V4 (custom) Affected: R127-V0 , < R127-V2 (custom) Affected: R128-V0 , < R128-V1 (custom) Affected: R129-V0 , < R129-V1 (custom) |
Date Public
2023-11-30 09:56
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SEL-411L",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R118-V4",
"status": "affected",
"version": "R118-V0",
"versionType": "custom"
},
{
"lessThan": "R119-V5",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R120-V6",
"status": "affected",
"version": "R120-V0",
"versionType": "custom"
},
{
"lessThan": "R121-V3",
"status": "affected",
"version": "R121-V0",
"versionType": "custom"
},
{
"lessThan": "R122-V3",
"status": "affected",
"version": "R122-V0",
"versionType": "custom"
},
{
"lessThan": "R123-V3",
"status": "affected",
"version": "R123-V0",
"versionType": "custom"
},
{
"lessThan": "R124-V3",
"status": "affected",
"version": "R124-V0",
"versionType": "custom"
},
{
"lessThan": "R125-V3",
"status": "affected",
"version": "R125-V0",
"versionType": "custom"
},
{
"lessThan": "R126-V4",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R127-V2",
"status": "affected",
"version": "R127-V0",
"versionType": "custom"
},
{
"lessThan": "R128-V1",
"status": "affected",
"version": "R128-V0",
"versionType": "custom"
},
{
"lessThan": "R129-V1",
"status": "affected",
"version": "R129-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sushant Mane, Parul Sindhwad, Imran Jamadar \u0026 Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India."
}
],
"datePublic": "2023-11-30T09:56:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user.\u003cbr\u003e\u003cbr\u003e\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\u003cbr\u003e"
}
],
"value": "An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-138",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-138 Reflection Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T16:58:44.063Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper input validation could lead to reflection injection attacks",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-2267",
"datePublished": "2023-11-30T16:58:44.063Z",
"dateReserved": "2023-04-24T23:21:10.937Z",
"dateUpdated": "2024-08-02T06:19:14.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2266 (GCVE-0-2023-2266)
Vulnerability from cvelistv5 – Published: 2023-11-30 16:57 – Updated: 2024-08-02 06:19
VLAI
EPSS
VEX
Title
Improper neutralization of input during web page generation could lead to cross-site scripting based attacks
Summary
An Improper neutralization of input during web page generation in the Schweitzer Engineering Laboratories SEL-411L could allow an attacker to generate cross-site scripting based attacks against an authorized and authenticated user.
See product Instruction Manual Appendix A dated 20230830 for more details.
Severity
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-411L |
Affected:
R118-V0 , < R118-V4
(custom)
Affected: R119-V0 , < R119-V5 (custom) Affected: R120-V0 , < R120-V6 (custom) Affected: R121-V0 , < R121-V3 (custom) Affected: R122-V0 , < R122-V3 (custom) Affected: R123-V0 , < R123-V3 (custom) Affected: R124-V0 , < R124-V3 (custom) Affected: R125-V0 , < R125-V3 (custom) Affected: R126-V0 , < R126-V4 (custom) Affected: R127-V0 , < R127-V2 (custom) Affected: R128-V0 , < R128-V1 (custom) Affected: R129-V0 , < R129-V1 (custom) |
Date Public
2023-11-30 09:56
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SEL-411L",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R118-V4",
"status": "affected",
"version": "R118-V0",
"versionType": "custom"
},
{
"lessThan": "R119-V5",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R120-V6",
"status": "affected",
"version": "R120-V0",
"versionType": "custom"
},
{
"lessThan": "R121-V3",
"status": "affected",
"version": "R121-V0",
"versionType": "custom"
},
{
"lessThan": "R122-V3",
"status": "affected",
"version": "R122-V0",
"versionType": "custom"
},
{
"lessThan": "R123-V3",
"status": "affected",
"version": "R123-V0",
"versionType": "custom"
},
{
"lessThan": "R124-V3",
"status": "affected",
"version": "R124-V0",
"versionType": "custom"
},
{
"lessThan": "R125-V3",
"status": "affected",
"version": "R125-V0",
"versionType": "custom"
},
{
"lessThan": "R126-V4",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R127-V2",
"status": "affected",
"version": "R127-V0",
"versionType": "custom"
},
{
"lessThan": "R128-V1",
"status": "affected",
"version": "R128-V0",
"versionType": "custom"
},
{
"lessThan": "R129-V1",
"status": "affected",
"version": "R129-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sushant Mane, Parul Sindhwad, Imran Jamadar \u0026 Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India."
}
],
"datePublic": "2023-11-30T09:56:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An\u0026nbsp;Improper neutralization of input during web page generation in the Schweitzer Engineering Laboratories SEL-411L\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow an attacker to generate cross-site scripting based attacks against an authorized and authenticated user.\u003cbr\u003e\u003cbr\u003e\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "An\u00a0Improper neutralization of input during web page generation in the Schweitzer Engineering Laboratories SEL-411L\u00a0could allow an attacker to generate cross-site scripting based attacks against an authorized and authenticated user.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T16:58:00.174Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper neutralization of input during web page generation could lead to cross-site scripting based attacks",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-2266",
"datePublished": "2023-11-30T16:57:34.955Z",
"dateReserved": "2023-04-24T23:21:09.897Z",
"dateUpdated": "2024-08-02T06:19:14.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2265 (GCVE-0-2023-2265)
Vulnerability from cvelistv5 – Published: 2023-11-30 16:55 – Updated: 2024-08-02 06:19
VLAI
EPSS
VEX
Title
Improper restriction of rendered UI layers or frames could lead to clickjacking attack
Summary
An Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user.
See product Instruction Manual Appendix A dated 20230830 for more details.
Severity
4.3 (Medium)
CWE
- CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-411L |
Affected:
R118-V0 , < R118-V4
(custom)
Affected: R119-V0 , < R119-V5 (custom) Affected: R120-V0 , < R120-V6 (custom) Affected: R121-V0 , < R121-V3 (custom) Affected: R122-V0 , < R122-V3 (custom) Affected: R123-V0 , < R123-V3 (custom) Affected: R124-V0 , < R124-V3 (custom) Affected: R125-V0 , < R125-V3 (custom) Affected: R126-V0 , < R126-V4 (custom) Affected: R127-V0 , < R127-V2 (custom) Affected: R128-V0 , < R128-V1 (custom) Affected: R129-V0 , < R129-V1 (custom) |
Date Public
2023-11-30 09:56
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SEL-411L",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R118-V4",
"status": "affected",
"version": "R118-V0",
"versionType": "custom"
},
{
"lessThan": "R119-V5",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R120-V6",
"status": "affected",
"version": "R120-V0",
"versionType": "custom"
},
{
"lessThan": "R121-V3",
"status": "affected",
"version": "R121-V0",
"versionType": "custom"
},
{
"lessThan": "R122-V3",
"status": "affected",
"version": "R122-V0",
"versionType": "custom"
},
{
"lessThan": "R123-V3",
"status": "affected",
"version": "R123-V0",
"versionType": "custom"
},
{
"lessThan": "R124-V3",
"status": "affected",
"version": "R124-V0",
"versionType": "custom"
},
{
"lessThan": "R125-V3",
"status": "affected",
"version": "R125-V0",
"versionType": "custom"
},
{
"lessThan": "R126-V4",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R127-V2",
"status": "affected",
"version": "R127-V0",
"versionType": "custom"
},
{
"lessThan": "R128-V1",
"status": "affected",
"version": "R128-V0",
"versionType": "custom"
},
{
"lessThan": "R129-V1",
"status": "affected",
"version": "R129-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sushant Mane, Parul Sindhwad, Imran Jamadar \u0026 Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India."
}
],
"datePublic": "2023-11-30T09:56:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An\u0026nbsp;Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user.\u003cbr\u003e\u003cbr\u003e\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\u003cbr\u003e"
}
],
"value": "An\u00a0Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-103",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-103 Clickjacking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T16:55:55.901Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper restriction of rendered UI layers or frames could lead to clickjacking attack",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-2265",
"datePublished": "2023-11-30T16:55:55.901Z",
"dateReserved": "2023-04-24T23:20:54.900Z",
"dateUpdated": "2024-08-02T06:19:14.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2264 (GCVE-0-2023-2264)
Vulnerability from cvelistv5 – Published: 2023-11-30 16:55 – Updated: 2025-06-03 02:31
VLAI
EPSS
VEX
Title
Improper input validition could lead to code injection
Summary
An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior.
See product Instruction Manual Appendix A dated 20230830 for more details.
Severity
4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-411L |
Affected:
R118-V0 , < R118-V4
(custom)
Affected: R119-V0 , < R119-V5 (custom) Affected: R120-V0 , < R120-V6 (custom) Affected: R121-V0 , < R121-V3 (custom) Affected: R122-V0 , < R122-V3 (custom) Affected: R123-V0 , < R123-V3 (custom) Affected: R124-V0 , < R124-V3 (custom) Affected: R125-V0 , < R125-V3 (custom) Affected: R126-V0 , < R126-V4 (custom) Affected: R127-V0 , < R127-V2 (custom) Affected: R128-V0 , < R128-V1 (custom) Affected: R129-V0 , < R129-V1 (custom) |
Date Public
2023-11-30 09:56
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.117Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2264",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-03T02:31:18.344412Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T02:31:35.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SEL-411L",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R118-V4",
"status": "affected",
"version": "R118-V0",
"versionType": "custom"
},
{
"lessThan": "R119-V5",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R120-V6",
"status": "affected",
"version": "R120-V0",
"versionType": "custom"
},
{
"lessThan": "R121-V3",
"status": "affected",
"version": "R121-V0",
"versionType": "custom"
},
{
"lessThan": "R122-V3",
"status": "affected",
"version": "R122-V0",
"versionType": "custom"
},
{
"lessThan": "R123-V3",
"status": "affected",
"version": "R123-V0",
"versionType": "custom"
},
{
"lessThan": "R124-V3",
"status": "affected",
"version": "R124-V0",
"versionType": "custom"
},
{
"lessThan": "R125-V3",
"status": "affected",
"version": "R125-V0",
"versionType": "custom"
},
{
"lessThan": "R126-V4",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R127-V2",
"status": "affected",
"version": "R127-V0",
"versionType": "custom"
},
{
"lessThan": "R128-V1",
"status": "affected",
"version": "R128-V0",
"versionType": "custom"
},
{
"lessThan": "R129-V1",
"status": "affected",
"version": "R129-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sushant Mane, Parul Sindhwad, Imran Jamadar \u0026 Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India."
}
],
"datePublic": "2023-11-30T09:56:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior.\u003cbr\u003e\u003cbr\u003e\n\n\u003cp\u003eSee product Instruction Manual Appendix A dated 20230830 for more details.\u003c/p\u003e"
}
],
"value": "An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T16:55:28.541Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper input validition could lead to code injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-2264",
"datePublished": "2023-11-30T16:55:28.541Z",
"dateReserved": "2023-04-24T23:18:40.218Z",
"dateUpdated": "2025-06-03T02:31:35.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}