1. EXECUTIVE SUMMARY
- CVSS v3 4.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Schweitzer Engineering Laboratories
- Equipment: SEL-411L
- Vulnerability: Improper Restriction of Rendered UI Layers or Frames
2. RISK EVALUATION
Successful exploitation of this vulnerability could expose authorized users to clickjacking attacks.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of the Schweitzer Engineering Laboratories SEL-411L are affected:
- R118: V0 – V4
- R119: V0 – V5
- R120: V0 – V6
- R121: V0 – V3
- R122: V0 – V3
- R123: V0 – V3
- R124: V0 – V3
- R125: V0 – V3
- R126: V0 – V4
- R127: V0 – V2
- R128: V0 – V1
- R129: V0 – V1
3.2 Vulnerability Overview
3.2.1 IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES CWE-1021
An Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking-based attacks against an authenticated and authorized user.
CVE-2023-2265 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Energy
- COUNTRIES/AREAS DEPLOYED: Worldwide
- COMPANY HEADQUARTERS LOCATION: United States
3.4 RESEARCHER
Sushant Mane, Parul Sindhwad, Imran Jamadar, and Dr. Faruk Kazi of CoE-CNDS Lab, VJTI, Mumbai, India reported this vulnerability to Schweitzer Engineering Laboratories.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from All CISA Advisories
Read the original article:
Read the original article: