CyberSecurityBoard
Sponsor Register Login

Schweitzer Engineering Laboratories SEL-411L

RISK EVALUATION. Successful exploitation of this vulnerability could expose authorized users to clickjacking attacks.
An Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking-based attacks against an authenticated and authorized user.
CVE-2023-2265 has been assigned to this vulnerability.
A CVSS v3.1 base score of 4.3 has been calculated; the CVSS vector string is.
MITIGATIONS. Schweitzer Engineering Laboratories has distributed patches to appropriate asset owners.
Schweitzer Engineering Laboratories also recommends users see product Instruction Manual Appendix A dated 20230830 for more details.
Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Locate control system networks and remote devices behind firewalls and isolating them from business networks.
When remote access is required, use more secure methods, such as Virtual Private Networks, recognizing VPNs may have vulnerabilities and should be updated to the most current version available.
Also recognize VPN is only as secure as the connected devices.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.
Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.
Gov/ics in the technical information paper, ICS-TIP-12-146-01B-Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.


This Cyber News was published on www.cisa.gov. Publication date: Thu, 07 Dec 2023 17:00:27 +0000


Cyber News related to Schweitzer Engineering Laboratories SEL-411L

Vulnerability Summary for the Week of November 27, 2023 - PrimaryVendor - Product apple - multiple products Description A memory corruption vulnerability was addressed with improved locking. Published 2023-12-01 CVSS Score not yet calculated Source & Patch Info CVE-2023-48842 PrimaryVendor - Product dell - ...
11 months ago Cisa.gov
Schweitzer Engineering Laboratories SEL-411L - RISK EVALUATION. Successful exploitation of this vulnerability could expose authorized users to clickjacking attacks. An Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an ...
11 months ago Cisa.gov
CVE-2023-31167 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Schweitzer Engineering Laboratories SEL-5036 acSELerator Bay Screen Builder Software on Windows allows Relative Path Traversal. ...
1 year ago
CVE-2024-2103 - Inclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably: SEL-700BT Motor Bus Transfer Relay, ...
7 months ago Tenable.com
Social Engineering Attacks: Tactics and Prevention - Social engineering attacks have become a significant concern in today's digital landscape, posing serious risks to the security and sensitive information of individuals and organizations. By comprehending these tactics and implementing preventive ...
9 months ago Securityzap.com
Social Engineering: The Art of Human Hacking - Social engineering exploits this vulnerability by manipulating human psychology and emotions to gain unauthorized access to systems and data. Rather than directly breaking cyber defenses, social engineering tactics exploit human vulnerabilities - ...
11 months ago Offsec.com
CVE-2013-2798 - Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line. ...
11 years ago
CVE-2013-2792 - Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet. ...
11 years ago
CVE-2023-31174 - ...
1 year ago
CVE-2023-31175 - ...
1 year ago
CVE-2023-31173 - Use of Hard-coded Credentials vulnerability in Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator on Windows allows Authentication Bypass. ...
1 year ago
CVE-2023-34392 - ...
1 year ago
How software engineering will evolve in 2024 - From artificial intelligence and digital twin technologies, to platform engineering rooted in devops principles, to chaos engineering techniques that enhance resilience, to the expanded use of internal developer portals that boost productivity, ...
10 months ago Infoworld.com
Alkem Laboratories Future-Proofs Security Infrastructure with Check Point Software Technologies - Alkem Laboratories is a leading pharmaceutical company with over 23 manufacturing facilities in India and the United States of America. The very nature of their work makes Alkem Laboratories a target for cyber criminals who are eager to get ahold of ...
10 months ago Blog.checkpoint.com
CVE-2017-7928 - An Improper Access Control issue was discovered in Schweitzer Engineering Laboratories (SEL) SEL-3620 and SEL-3622 Security Gateway Versions R202 and, R203, R203-V1, R203-V2 and, R204, R204-V1. The device does not properly enforce access control ...
5 years ago
Hacker Conversations: Stephanie 'Snow' Carruthers, Chief People Hacker at IBM X-Force Red - Social engineering is effectively hacking human thought processes. Social engineering is a major factor in the overall process but is not directly part of repurposing electronic systems. A social engineer is usually classified as a hacker, and is ...
8 months ago Securityweek.com
CVE-2023-31159 - ...
1 year ago
CVE-2023-31160 - ...
1 year ago
CVE-2023-31164 - ...
1 year ago
CVE-2023-31165 - ...
1 year ago
CVE-2023-31166 - An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to ...
1 year ago
CVE-2023-31153 - An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated ...
1 year ago
CVE-2023-31154 - ...
1 year ago
CVE-2023-31155 - ...
1 year ago
CVE-2023-31157 - ...
1 year ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)