Lucene search

SELCVELIST:CVE-2023-2264

HistoryNov 30, 2023 - 4:55 p.m.

CVE-2023-2264 Improper input validition could lead to code injection

2023-11-3016:55:28

CWE-20

SEL

www.cve.org

cve-2023-2264

input validation

schweitzer engineering laboratories

code injection

authorized users

product manual

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

AI Score

7.7

Confidence

High

EPSS

Percentile

9.0%

JSON

An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior.

See product Instruction Manual Appendix A dated 20230830 for more details.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SEL-411L",
    "vendor": "Schweitzer Engineering Laboratories",
    "versions": [
      {
        "lessThan": "R118-V4",
        "status": "affected",
        "version": "R118-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R119-V5",
        "status": "affected",
        "version": "R119-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R120-V6",
        "status": "affected",
        "version": "R120-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R121-V3",
        "status": "affected",
        "version": "R121-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R122-V3",
        "status": "affected",
        "version": "R122-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R123-V3",
        "status": "affected",
        "version": "R123-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R124-V3",
        "status": "affected",
        "version": "R124-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R125-V3",
        "status": "affected",
        "version": "R125-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R126-V4",
        "status": "affected",
        "version": "R126-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R127-V2",
        "status": "affected",
        "version": "R127-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R128-V1",
        "status": "affected",
        "version": "R128-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R129-V1",
        "status": "affected",
        "version": "R129-V0",
        "versionType": "custom"
      }
    ]
  }
]

References

selinc.com/support/security-notifications/external-reports/