Lucene search

SELCVELIST:CVE-2023-2265

HistoryNov 30, 2023 - 4:55 p.m.

CVE-2023-2265 Improper restriction of rendered UI layers or frames could lead to clickjacking attack

2023-11-3016:55:55

CWE-1021

SEL

www.cve.org

cve-2023-2265

clickjacking

sel-411l

ui layer

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

20.5%

JSON

An Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user.

See product Instruction Manual Appendix A dated 20230830 for more details.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SEL-411L",
    "vendor": "Schweitzer Engineering Laboratories",
    "versions": [
      {
        "lessThan": "R118-V4",
        "status": "affected",
        "version": "R118-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R119-V5",
        "status": "affected",
        "version": "R119-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R120-V6",
        "status": "affected",
        "version": "R120-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R121-V3",
        "status": "affected",
        "version": "R121-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R122-V3",
        "status": "affected",
        "version": "R122-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R123-V3",
        "status": "affected",
        "version": "R123-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R124-V3",
        "status": "affected",
        "version": "R124-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R125-V3",
        "status": "affected",
        "version": "R125-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R126-V4",
        "status": "affected",
        "version": "R126-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R127-V2",
        "status": "affected",
        "version": "R127-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R128-V1",
        "status": "affected",
        "version": "R128-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R129-V1",
        "status": "affected",
        "version": "R129-V0",
        "versionType": "custom"
      }
    ]
  }
]

References

selinc.com/support/security-notifications/external-reports/

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

20.5%

JSON

Related for CVELIST:CVE-2023-2265