Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for SEL-411L by Schweitzer Engineering Laboratories

    CVE-2023-2267 (GCVE-0-2023-2267)

    Vulnerability from nvd – Published: 2023-11-30 16:58 – Updated: 2024-08-02 06:19
    VLAI
    Title
    Improper input validation could lead to reflection injection attacks
    Summary
    An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more details.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-411L Affected: R118-V0 , < R118-V4 (custom)
    Affected: R119-V0 , < R119-V5 (custom)
    Affected: R120-V0 , < R120-V6 (custom)
    Affected: R121-V0 , < R121-V3 (custom)
    Affected: R122-V0 , < R122-V3 (custom)
    Affected: R123-V0 , < R123-V3 (custom)
    Affected: R124-V0 , < R124-V3 (custom)
    Affected: R125-V0 , < R125-V3 (custom)
    Affected: R126-V0 , < R126-V4 (custom)
    Affected: R127-V0 , < R127-V2 (custom)
    Affected: R128-V0 , < R128-V1 (custom)
    Affected: R129-V0 , < R129-V1 (custom)
    Create a notification for this product.
    Date Public
    2023-11-30 09:56
    Credits
    Sushant Mane, Parul Sindhwad, Imran Jamadar & Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:19:14.317Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SEL-411L",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R118-V4",
                  "status": "affected",
                  "version": "R118-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R119-V5",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R120-V6",
                  "status": "affected",
                  "version": "R120-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R121-V3",
                  "status": "affected",
                  "version": "R121-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R122-V3",
                  "status": "affected",
                  "version": "R122-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R123-V3",
                  "status": "affected",
                  "version": "R123-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R124-V3",
                  "status": "affected",
                  "version": "R124-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R125-V3",
                  "status": "affected",
                  "version": "R125-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R126-V4",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R127-V2",
                  "status": "affected",
                  "version": "R127-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R128-V1",
                  "status": "affected",
                  "version": "R128-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R129-V1",
                  "status": "affected",
                  "version": "R129-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Sushant Mane, Parul Sindhwad, Imran Jamadar \u0026 Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India."
            }
          ],
          "datePublic": "2023-11-30T09:56:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user.\u003cbr\u003e\u003cbr\u003e\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\u003cbr\u003e"
                }
              ],
              "value": "An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-138",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-138 Reflection Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-30T16:58:44.063Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper input validation could lead to reflection injection attacks",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-2267",
        "datePublished": "2023-11-30T16:58:44.063Z",
        "dateReserved": "2023-04-24T23:21:10.937Z",
        "dateUpdated": "2024-08-02T06:19:14.317Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2266 (GCVE-0-2023-2266)

    Vulnerability from nvd – Published: 2023-11-30 16:57 – Updated: 2024-08-02 06:19
    VLAI
    Title
    Improper neutralization of input during web page generation could lead to cross-site scripting based attacks
    Summary
    An Improper neutralization of input during web page generation in the Schweitzer Engineering Laboratories SEL-411L could allow an attacker to generate cross-site scripting based attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more details.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-411L Affected: R118-V0 , < R118-V4 (custom)
    Affected: R119-V0 , < R119-V5 (custom)
    Affected: R120-V0 , < R120-V6 (custom)
    Affected: R121-V0 , < R121-V3 (custom)
    Affected: R122-V0 , < R122-V3 (custom)
    Affected: R123-V0 , < R123-V3 (custom)
    Affected: R124-V0 , < R124-V3 (custom)
    Affected: R125-V0 , < R125-V3 (custom)
    Affected: R126-V0 , < R126-V4 (custom)
    Affected: R127-V0 , < R127-V2 (custom)
    Affected: R128-V0 , < R128-V1 (custom)
    Affected: R129-V0 , < R129-V1 (custom)
    Create a notification for this product.
    Date Public
    2023-11-30 09:56
    Credits
    Sushant Mane, Parul Sindhwad, Imran Jamadar & Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:19:14.119Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SEL-411L",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R118-V4",
                  "status": "affected",
                  "version": "R118-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R119-V5",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R120-V6",
                  "status": "affected",
                  "version": "R120-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R121-V3",
                  "status": "affected",
                  "version": "R121-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R122-V3",
                  "status": "affected",
                  "version": "R122-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R123-V3",
                  "status": "affected",
                  "version": "R123-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R124-V3",
                  "status": "affected",
                  "version": "R124-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R125-V3",
                  "status": "affected",
                  "version": "R125-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R126-V4",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R127-V2",
                  "status": "affected",
                  "version": "R127-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R128-V1",
                  "status": "affected",
                  "version": "R128-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R129-V1",
                  "status": "affected",
                  "version": "R129-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Sushant Mane, Parul Sindhwad, Imran Jamadar \u0026 Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India."
            }
          ],
          "datePublic": "2023-11-30T09:56:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An\u0026nbsp;Improper neutralization of input during web page generation in the Schweitzer Engineering Laboratories SEL-411L\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow an attacker to generate cross-site scripting based attacks against an authorized and authenticated user.\u003cbr\u003e\u003cbr\u003e\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "An\u00a0Improper neutralization of input during web page generation in the Schweitzer Engineering Laboratories SEL-411L\u00a0could allow an attacker to generate cross-site scripting based attacks against an authorized and authenticated user.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-30T16:58:00.174Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper neutralization of input during web page generation could lead to cross-site scripting based attacks",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-2266",
        "datePublished": "2023-11-30T16:57:34.955Z",
        "dateReserved": "2023-04-24T23:21:09.897Z",
        "dateUpdated": "2024-08-02T06:19:14.119Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2265 (GCVE-0-2023-2265)

    Vulnerability from nvd – Published: 2023-11-30 16:55 – Updated: 2024-08-02 06:19
    VLAI
    Title
    Improper restriction of rendered UI layers or frames could lead to clickjacking attack
    Summary
    An Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user. See product Instruction Manual Appendix A dated 20230830 for more details.
    CWE
    • CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-411L Affected: R118-V0 , < R118-V4 (custom)
    Affected: R119-V0 , < R119-V5 (custom)
    Affected: R120-V0 , < R120-V6 (custom)
    Affected: R121-V0 , < R121-V3 (custom)
    Affected: R122-V0 , < R122-V3 (custom)
    Affected: R123-V0 , < R123-V3 (custom)
    Affected: R124-V0 , < R124-V3 (custom)
    Affected: R125-V0 , < R125-V3 (custom)
    Affected: R126-V0 , < R126-V4 (custom)
    Affected: R127-V0 , < R127-V2 (custom)
    Affected: R128-V0 , < R128-V1 (custom)
    Affected: R129-V0 , < R129-V1 (custom)
    Create a notification for this product.
    Date Public
    2023-11-30 09:56
    Credits
    Sushant Mane, Parul Sindhwad, Imran Jamadar & Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:19:14.136Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SEL-411L",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R118-V4",
                  "status": "affected",
                  "version": "R118-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R119-V5",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R120-V6",
                  "status": "affected",
                  "version": "R120-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R121-V3",
                  "status": "affected",
                  "version": "R121-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R122-V3",
                  "status": "affected",
                  "version": "R122-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R123-V3",
                  "status": "affected",
                  "version": "R123-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R124-V3",
                  "status": "affected",
                  "version": "R124-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R125-V3",
                  "status": "affected",
                  "version": "R125-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R126-V4",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R127-V2",
                  "status": "affected",
                  "version": "R127-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R128-V1",
                  "status": "affected",
                  "version": "R128-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R129-V1",
                  "status": "affected",
                  "version": "R129-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Sushant Mane, Parul Sindhwad, Imran Jamadar \u0026 Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India."
            }
          ],
          "datePublic": "2023-11-30T09:56:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An\u0026nbsp;Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user.\u003cbr\u003e\u003cbr\u003e\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\u003cbr\u003e"
                }
              ],
              "value": "An\u00a0Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-103",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-103 Clickjacking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1021",
                  "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-30T16:55:55.901Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper restriction of rendered UI layers or frames could lead to clickjacking attack",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-2265",
        "datePublished": "2023-11-30T16:55:55.901Z",
        "dateReserved": "2023-04-24T23:20:54.900Z",
        "dateUpdated": "2024-08-02T06:19:14.136Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2264 (GCVE-0-2023-2264)

    Vulnerability from nvd – Published: 2023-11-30 16:55 – Updated: 2025-06-03 02:31
    VLAI
    Title
    Improper input validition could lead to code injection
    Summary
    An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior. See product Instruction Manual Appendix A dated 20230830 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-411L Affected: R118-V0 , < R118-V4 (custom)
    Affected: R119-V0 , < R119-V5 (custom)
    Affected: R120-V0 , < R120-V6 (custom)
    Affected: R121-V0 , < R121-V3 (custom)
    Affected: R122-V0 , < R122-V3 (custom)
    Affected: R123-V0 , < R123-V3 (custom)
    Affected: R124-V0 , < R124-V3 (custom)
    Affected: R125-V0 , < R125-V3 (custom)
    Affected: R126-V0 , < R126-V4 (custom)
    Affected: R127-V0 , < R127-V2 (custom)
    Affected: R128-V0 , < R128-V1 (custom)
    Affected: R129-V0 , < R129-V1 (custom)
    Create a notification for this product.
    Date Public
    2023-11-30 09:56
    Credits
    Sushant Mane, Parul Sindhwad, Imran Jamadar & Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:19:14.117Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2264",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-03T02:31:18.344412Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-03T02:31:35.503Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SEL-411L",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R118-V4",
                  "status": "affected",
                  "version": "R118-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R119-V5",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R120-V6",
                  "status": "affected",
                  "version": "R120-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R121-V3",
                  "status": "affected",
                  "version": "R121-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R122-V3",
                  "status": "affected",
                  "version": "R122-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R123-V3",
                  "status": "affected",
                  "version": "R123-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R124-V3",
                  "status": "affected",
                  "version": "R124-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R125-V3",
                  "status": "affected",
                  "version": "R125-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R126-V4",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R127-V2",
                  "status": "affected",
                  "version": "R127-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R128-V1",
                  "status": "affected",
                  "version": "R128-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R129-V1",
                  "status": "affected",
                  "version": "R129-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Sushant Mane, Parul Sindhwad, Imran Jamadar \u0026 Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India."
            }
          ],
          "datePublic": "2023-11-30T09:56:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior.\u003cbr\u003e\u003cbr\u003e\n\n\u003cp\u003eSee product Instruction Manual Appendix A dated 20230830 for more details.\u003c/p\u003e"
                }
              ],
              "value": "An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-30T16:55:28.541Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper input validition could lead to code injection",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-2264",
        "datePublished": "2023-11-30T16:55:28.541Z",
        "dateReserved": "2023-04-24T23:18:40.218Z",
        "dateUpdated": "2025-06-03T02:31:35.503Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2267 (GCVE-0-2023-2267)

    Vulnerability from cvelistv5 – Published: 2023-11-30 16:58 – Updated: 2024-08-02 06:19
    VLAI
    Title
    Improper input validation could lead to reflection injection attacks
    Summary
    An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more details.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-411L Affected: R118-V0 , < R118-V4 (custom)
    Affected: R119-V0 , < R119-V5 (custom)
    Affected: R120-V0 , < R120-V6 (custom)
    Affected: R121-V0 , < R121-V3 (custom)
    Affected: R122-V0 , < R122-V3 (custom)
    Affected: R123-V0 , < R123-V3 (custom)
    Affected: R124-V0 , < R124-V3 (custom)
    Affected: R125-V0 , < R125-V3 (custom)
    Affected: R126-V0 , < R126-V4 (custom)
    Affected: R127-V0 , < R127-V2 (custom)
    Affected: R128-V0 , < R128-V1 (custom)
    Affected: R129-V0 , < R129-V1 (custom)
    Create a notification for this product.
    Date Public
    2023-11-30 09:56
    Credits
    Sushant Mane, Parul Sindhwad, Imran Jamadar & Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:19:14.317Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SEL-411L",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R118-V4",
                  "status": "affected",
                  "version": "R118-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R119-V5",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R120-V6",
                  "status": "affected",
                  "version": "R120-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R121-V3",
                  "status": "affected",
                  "version": "R121-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R122-V3",
                  "status": "affected",
                  "version": "R122-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R123-V3",
                  "status": "affected",
                  "version": "R123-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R124-V3",
                  "status": "affected",
                  "version": "R124-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R125-V3",
                  "status": "affected",
                  "version": "R125-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R126-V4",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R127-V2",
                  "status": "affected",
                  "version": "R127-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R128-V1",
                  "status": "affected",
                  "version": "R128-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R129-V1",
                  "status": "affected",
                  "version": "R129-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Sushant Mane, Parul Sindhwad, Imran Jamadar \u0026 Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India."
            }
          ],
          "datePublic": "2023-11-30T09:56:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user.\u003cbr\u003e\u003cbr\u003e\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\u003cbr\u003e"
                }
              ],
              "value": "An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-138",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-138 Reflection Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-30T16:58:44.063Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper input validation could lead to reflection injection attacks",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-2267",
        "datePublished": "2023-11-30T16:58:44.063Z",
        "dateReserved": "2023-04-24T23:21:10.937Z",
        "dateUpdated": "2024-08-02T06:19:14.317Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2266 (GCVE-0-2023-2266)

    Vulnerability from cvelistv5 – Published: 2023-11-30 16:57 – Updated: 2024-08-02 06:19
    VLAI
    Title
    Improper neutralization of input during web page generation could lead to cross-site scripting based attacks
    Summary
    An Improper neutralization of input during web page generation in the Schweitzer Engineering Laboratories SEL-411L could allow an attacker to generate cross-site scripting based attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more details.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-411L Affected: R118-V0 , < R118-V4 (custom)
    Affected: R119-V0 , < R119-V5 (custom)
    Affected: R120-V0 , < R120-V6 (custom)
    Affected: R121-V0 , < R121-V3 (custom)
    Affected: R122-V0 , < R122-V3 (custom)
    Affected: R123-V0 , < R123-V3 (custom)
    Affected: R124-V0 , < R124-V3 (custom)
    Affected: R125-V0 , < R125-V3 (custom)
    Affected: R126-V0 , < R126-V4 (custom)
    Affected: R127-V0 , < R127-V2 (custom)
    Affected: R128-V0 , < R128-V1 (custom)
    Affected: R129-V0 , < R129-V1 (custom)
    Create a notification for this product.
    Date Public
    2023-11-30 09:56
    Credits
    Sushant Mane, Parul Sindhwad, Imran Jamadar & Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:19:14.119Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SEL-411L",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R118-V4",
                  "status": "affected",
                  "version": "R118-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R119-V5",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R120-V6",
                  "status": "affected",
                  "version": "R120-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R121-V3",
                  "status": "affected",
                  "version": "R121-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R122-V3",
                  "status": "affected",
                  "version": "R122-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R123-V3",
                  "status": "affected",
                  "version": "R123-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R124-V3",
                  "status": "affected",
                  "version": "R124-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R125-V3",
                  "status": "affected",
                  "version": "R125-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R126-V4",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R127-V2",
                  "status": "affected",
                  "version": "R127-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R128-V1",
                  "status": "affected",
                  "version": "R128-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R129-V1",
                  "status": "affected",
                  "version": "R129-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Sushant Mane, Parul Sindhwad, Imran Jamadar \u0026 Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India."
            }
          ],
          "datePublic": "2023-11-30T09:56:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An\u0026nbsp;Improper neutralization of input during web page generation in the Schweitzer Engineering Laboratories SEL-411L\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow an attacker to generate cross-site scripting based attacks against an authorized and authenticated user.\u003cbr\u003e\u003cbr\u003e\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "An\u00a0Improper neutralization of input during web page generation in the Schweitzer Engineering Laboratories SEL-411L\u00a0could allow an attacker to generate cross-site scripting based attacks against an authorized and authenticated user.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-30T16:58:00.174Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper neutralization of input during web page generation could lead to cross-site scripting based attacks",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-2266",
        "datePublished": "2023-11-30T16:57:34.955Z",
        "dateReserved": "2023-04-24T23:21:09.897Z",
        "dateUpdated": "2024-08-02T06:19:14.119Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2265 (GCVE-0-2023-2265)

    Vulnerability from cvelistv5 – Published: 2023-11-30 16:55 – Updated: 2024-08-02 06:19
    VLAI
    Title
    Improper restriction of rendered UI layers or frames could lead to clickjacking attack
    Summary
    An Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user. See product Instruction Manual Appendix A dated 20230830 for more details.
    CWE
    • CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-411L Affected: R118-V0 , < R118-V4 (custom)
    Affected: R119-V0 , < R119-V5 (custom)
    Affected: R120-V0 , < R120-V6 (custom)
    Affected: R121-V0 , < R121-V3 (custom)
    Affected: R122-V0 , < R122-V3 (custom)
    Affected: R123-V0 , < R123-V3 (custom)
    Affected: R124-V0 , < R124-V3 (custom)
    Affected: R125-V0 , < R125-V3 (custom)
    Affected: R126-V0 , < R126-V4 (custom)
    Affected: R127-V0 , < R127-V2 (custom)
    Affected: R128-V0 , < R128-V1 (custom)
    Affected: R129-V0 , < R129-V1 (custom)
    Create a notification for this product.
    Date Public
    2023-11-30 09:56
    Credits
    Sushant Mane, Parul Sindhwad, Imran Jamadar & Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:19:14.136Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SEL-411L",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R118-V4",
                  "status": "affected",
                  "version": "R118-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R119-V5",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R120-V6",
                  "status": "affected",
                  "version": "R120-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R121-V3",
                  "status": "affected",
                  "version": "R121-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R122-V3",
                  "status": "affected",
                  "version": "R122-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R123-V3",
                  "status": "affected",
                  "version": "R123-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R124-V3",
                  "status": "affected",
                  "version": "R124-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R125-V3",
                  "status": "affected",
                  "version": "R125-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R126-V4",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R127-V2",
                  "status": "affected",
                  "version": "R127-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R128-V1",
                  "status": "affected",
                  "version": "R128-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R129-V1",
                  "status": "affected",
                  "version": "R129-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Sushant Mane, Parul Sindhwad, Imran Jamadar \u0026 Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India."
            }
          ],
          "datePublic": "2023-11-30T09:56:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An\u0026nbsp;Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user.\u003cbr\u003e\u003cbr\u003e\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\u003cbr\u003e"
                }
              ],
              "value": "An\u00a0Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-103",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-103 Clickjacking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1021",
                  "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-30T16:55:55.901Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper restriction of rendered UI layers or frames could lead to clickjacking attack",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-2265",
        "datePublished": "2023-11-30T16:55:55.901Z",
        "dateReserved": "2023-04-24T23:20:54.900Z",
        "dateUpdated": "2024-08-02T06:19:14.136Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2264 (GCVE-0-2023-2264)

    Vulnerability from cvelistv5 – Published: 2023-11-30 16:55 – Updated: 2025-06-03 02:31
    VLAI
    Title
    Improper input validition could lead to code injection
    Summary
    An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior. See product Instruction Manual Appendix A dated 20230830 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-411L Affected: R118-V0 , < R118-V4 (custom)
    Affected: R119-V0 , < R119-V5 (custom)
    Affected: R120-V0 , < R120-V6 (custom)
    Affected: R121-V0 , < R121-V3 (custom)
    Affected: R122-V0 , < R122-V3 (custom)
    Affected: R123-V0 , < R123-V3 (custom)
    Affected: R124-V0 , < R124-V3 (custom)
    Affected: R125-V0 , < R125-V3 (custom)
    Affected: R126-V0 , < R126-V4 (custom)
    Affected: R127-V0 , < R127-V2 (custom)
    Affected: R128-V0 , < R128-V1 (custom)
    Affected: R129-V0 , < R129-V1 (custom)
    Create a notification for this product.
    Date Public
    2023-11-30 09:56
    Credits
    Sushant Mane, Parul Sindhwad, Imran Jamadar & Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:19:14.117Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2264",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-03T02:31:18.344412Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-03T02:31:35.503Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SEL-411L",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R118-V4",
                  "status": "affected",
                  "version": "R118-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R119-V5",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R120-V6",
                  "status": "affected",
                  "version": "R120-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R121-V3",
                  "status": "affected",
                  "version": "R121-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R122-V3",
                  "status": "affected",
                  "version": "R122-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R123-V3",
                  "status": "affected",
                  "version": "R123-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R124-V3",
                  "status": "affected",
                  "version": "R124-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R125-V3",
                  "status": "affected",
                  "version": "R125-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R126-V4",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R127-V2",
                  "status": "affected",
                  "version": "R127-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R128-V1",
                  "status": "affected",
                  "version": "R128-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R129-V1",
                  "status": "affected",
                  "version": "R129-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Sushant Mane, Parul Sindhwad, Imran Jamadar \u0026 Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India."
            }
          ],
          "datePublic": "2023-11-30T09:56:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior.\u003cbr\u003e\u003cbr\u003e\n\n\u003cp\u003eSee product Instruction Manual Appendix A dated 20230830 for more details.\u003c/p\u003e"
                }
              ],
              "value": "An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-30T16:55:28.541Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper input validition could lead to code injection",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-2264",
        "datePublished": "2023-11-30T16:55:28.541Z",
        "dateReserved": "2023-04-24T23:18:40.218Z",
        "dateUpdated": "2025-06-03T02:31:35.503Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }