Improper input validition could lead to code injection
CVE-2023-2264

7.8HIGH

Key Information:

Vendor: Schweitzer Engineering Laboratories
Status: SEL-411L
Vendor: CVE Published:; 30 November 2023

What is CVE-2023-2264?

The SEL-411L device by Schweitzer Engineering Laboratories contains a vulnerability related to improper input validation. This flaw can potentially enable a malicious actor to manipulate legitimate users into clicking on malicious links, leading to unwanted or harmful actions. It is imperative for users of this device to review the instruction manual for detailed information and to ensure they are protected against potential exploitation.

Affected Version(s)

SEL-411L R118-V0

SEL-411L R119-V0

SEL-411L R120-V0

References

https://selinc.com/support/security-notifications/externa...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 30, 2023
Vulnerability Reserved
Apr 24, 2023

Credit

Sushant Mane, Parul Sindhwad, Imran Jamadar & Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India.