Search criteria
38 vulnerabilities found for SEL-3530-4 by Schweitzer Engineering Laboratories
VAR-201308-0168
Vulnerability from variot - Updated: 2023-12-18 12:21Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line. Schweitzer Engineering Laboratories is a leading manufacturer in Washington State, USA, and is a leader in power system relay protection, control, monitoring, metering and SCADA. Under certain conditions, the DNP3 driver will automatically restart and resume communication, but in severe cases, the device ALARM contact will trigger an assertion and need to reload the device driver settings. The affected products are as follows: SEL-3530-R100 -V0-Z001001-D20090915 - SEL-3530- SEL-3530-R123-V0-Z002001SEL-3530-4-R107-V0-Z001001-D20100818 - SEL-3530-4-R123 -V0-Z002001-D20130117SEL-3505-R119-V0-Z001001-D20120720 - SEL-3505-R123-V0-Z002001-D20130117SEL-2241-R113-V0-Z001001-D20110721 - SEL-2241-R123-V0-Z002001-D20130117. Schweitzer Engineering Laboratories multiple devices are prone to a local denial-of-service vulnerability. An attacker can exploit this issue to crash the affected device, denying service to legitimate users. NOTE: To exploit this issue, local access to the serial-based outstation is required
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201308-0168",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sel-3530-4",
"scope": "eq",
"trust": 1.6,
"vendor": "selinc",
"version": "r107-v0-z001001-d20100818"
},
{
"model": "sel-2241",
"scope": "eq",
"trust": 1.6,
"vendor": "selinc",
"version": "r113-v0-z001001-d20110721"
},
{
"model": "sel-3530",
"scope": "eq",
"trust": 1.6,
"vendor": "selinc",
"version": "r100_-v0-z001001-d20090915"
},
{
"model": "sel-3530",
"scope": "eq",
"trust": 1.6,
"vendor": "selinc",
"version": "r123-v0-z002001"
},
{
"model": "sel-3505",
"scope": "eq",
"trust": 1.6,
"vendor": "selinc",
"version": "r123-v0-z002001-d20130117"
},
{
"model": "sel-3530-4",
"scope": "eq",
"trust": 1.6,
"vendor": "selinc",
"version": "r123-v0-z002001-d20130117"
},
{
"model": "sel-3505",
"scope": "eq",
"trust": 1.6,
"vendor": "selinc",
"version": "r119-v0-z001001-d20120720"
},
{
"model": "sel-2241",
"scope": "eq",
"trust": 1.6,
"vendor": "selinc",
"version": "r123-v0-z002001-d20130117"
},
{
"model": "sel-2241",
"scope": "eq",
"trust": 0.8,
"vendor": "schweitzer engineering laboratories",
"version": "r113-v0-z001001-d20110721 to sel-2241-r123-v0-z002001-d20130117"
},
{
"model": "sel-3505",
"scope": "eq",
"trust": 0.8,
"vendor": "schweitzer engineering laboratories",
"version": "r119-v0-z001001-d20120720 to sel-3505-r123-v0-z002001-d20130117"
},
{
"model": "sel-3530",
"scope": "eq",
"trust": 0.8,
"vendor": "schweitzer engineering laboratories",
"version": "r100 -v0-z001001-d20090915 to sel-3530- sel-3530-r123-v0-z002001"
},
{
"model": "sel-3530-4",
"scope": "eq",
"trust": 0.8,
"vendor": "schweitzer engineering laboratories",
"version": "r107-v0-z001001-d20100818 to sel-3530-4-r123-v0-z002001-d20130117"
},
{
"model": "engineering laboratories sel-3530 rtac",
"scope": null,
"trust": 0.6,
"vendor": "schweitzer",
"version": null
},
{
"model": "engineering laboratories sel-3505 rtac",
"scope": null,
"trust": 0.6,
"vendor": "schweitzer",
"version": null
},
{
"model": "engineering laboratories sel-2241 rtac",
"scope": null,
"trust": 0.6,
"vendor": "schweitzer",
"version": null
},
{
"model": "sel-3530-se-3530-r123-v0-z002001",
"scope": "eq",
"trust": 0.3,
"vendor": "schweitzer engineering laboratories",
"version": "0"
},
{
"model": "sel-3530-r100 -v0-z001001-d20090915",
"scope": "eq",
"trust": 0.3,
"vendor": "schweitzer engineering laboratories",
"version": "0"
},
{
"model": "sel-3530-4-r123-v0-z002001-d20130117",
"scope": "eq",
"trust": 0.3,
"vendor": "schweitzer engineering laboratories",
"version": "0"
},
{
"model": "sel-3530-4-r107-v0-z001001-d20100818",
"scope": "eq",
"trust": 0.3,
"vendor": "schweitzer engineering laboratories",
"version": "0"
},
{
"model": "sel-3505-r123-v0-z002001-d20130117",
"scope": "eq",
"trust": 0.3,
"vendor": "schweitzer engineering laboratories",
"version": "0"
},
{
"model": "sel-3505-r119-v0-z001001-d20120720",
"scope": "eq",
"trust": 0.3,
"vendor": "schweitzer engineering laboratories",
"version": "0"
},
{
"model": "sel-2241-r123-v0-z002001-d20130117",
"scope": "eq",
"trust": 0.3,
"vendor": "schweitzer engineering laboratories",
"version": "0"
},
{
"model": "sel-2241-r113-v0-z001001-d20110721",
"scope": "eq",
"trust": 0.3,
"vendor": "schweitzer engineering laboratories",
"version": "0"
},
{
"model": "r113-v0-z001001-d20110721",
"scope": null,
"trust": 0.2,
"vendor": "sel 2241",
"version": null
},
{
"model": "r123-v0-z002001-d20130117",
"scope": null,
"trust": 0.2,
"vendor": "sel 2241",
"version": null
},
{
"model": "r119-v0-z001001-d20120720",
"scope": null,
"trust": 0.2,
"vendor": "sel 3505",
"version": null
},
{
"model": "r123-v0-z002001-d20130117",
"scope": null,
"trust": 0.2,
"vendor": "sel 3505",
"version": null
},
{
"model": "r100 -v0-z001001-d20090915",
"scope": null,
"trust": 0.2,
"vendor": "sel 3530",
"version": null
},
{
"model": "r123-v0-z002001",
"scope": null,
"trust": 0.2,
"vendor": "sel 3530",
"version": null
},
{
"model": "r107-v0-z001001-d20100818",
"scope": null,
"trust": 0.2,
"vendor": "sel 3530 4",
"version": null
},
{
"model": "r123-v0-z002001-d20130117",
"scope": null,
"trust": 0.2,
"vendor": "sel 3530 4",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "c94d5dc4-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12159"
},
{
"db": "BID",
"id": "61667"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003716"
},
{
"db": "NVD",
"id": "CVE-2013-2798"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-131"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:selinc:sel-2241:r113-v0-z001001-d20110721:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:selinc:sel-3530:r123-v0-z002001:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:selinc:sel-3505:r119-v0-z001001-d20120720:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:selinc:sel-3505:r123-v0-z002001-d20130117:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:selinc:sel-3530-4:r107-v0-z001001-d20100818:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:selinc:sel-3530-4:r123-v0-z002001-d20130117:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:selinc:sel-3530:r100_-v0-z001001-d20090915:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:selinc:sel-2241:r123-v0-z002001-d20130117:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2798"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adam Crain of Automatak and Chris Sistrunk",
"sources": [
{
"db": "BID",
"id": "61667"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-131"
}
],
"trust": 0.9
},
"cve": "CVE-2013-2798",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.7,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.4,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 4.7,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2013-2798",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.7,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.4,
"id": "CNVD-2013-12159",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.7,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.4,
"id": "c94d5dc4-2352-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-2798",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-12159",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201308-131",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "c94d5dc4-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c94d5dc4-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12159"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003716"
},
{
"db": "NVD",
"id": "CVE-2013-2798"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-131"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line. Schweitzer Engineering Laboratories is a leading manufacturer in Washington State, USA, and is a leader in power system relay protection, control, monitoring, metering and SCADA. Under certain conditions, the DNP3 driver will automatically restart and resume communication, but in severe cases, the device ALARM contact will trigger an assertion and need to reload the device driver settings. The affected products are as follows: SEL-3530-R100 -V0-Z001001-D20090915 - SEL-3530- SEL-3530-R123-V0-Z002001SEL-3530-4-R107-V0-Z001001-D20100818 - SEL-3530-4-R123 -V0-Z002001-D20130117SEL-3505-R119-V0-Z001001-D20120720 - SEL-3505-R123-V0-Z002001-D20130117SEL-2241-R113-V0-Z001001-D20110721 - SEL-2241-R123-V0-Z002001-D20130117. Schweitzer Engineering Laboratories multiple devices are prone to a local denial-of-service vulnerability. \nAn attacker can exploit this issue to crash the affected device, denying service to legitimate users. \nNOTE: To exploit this issue, local access to the serial-based outstation is required",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2798"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003716"
},
{
"db": "CNVD",
"id": "CNVD-2013-12159"
},
{
"db": "BID",
"id": "61667"
},
{
"db": "IVD",
"id": "c94d5dc4-2352-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-2798",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-13-219-01",
"trust": 3.3
},
{
"db": "BID",
"id": "61667",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2013-12159",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201308-131",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003716",
"trust": 0.8
},
{
"db": "IVD",
"id": "C94D5DC4-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "c94d5dc4-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12159"
},
{
"db": "BID",
"id": "61667"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003716"
},
{
"db": "NVD",
"id": "CVE-2013-2798"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-131"
}
]
},
"id": "VAR-201308-0168",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c94d5dc4-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12159"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "c94d5dc4-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12159"
}
]
},
"last_update_date": "2023-12-18T12:21:39.815000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.selinc.com/default.aspx"
},
{
"title": "SEL-2241 RTAC",
"trust": 0.8,
"url": "https://www.selinc.com/workarea/downloadasset.aspx?id=97914"
},
{
"title": "SEL-3505 Automation Controller",
"trust": 0.8,
"url": "https://www.selinc.com/sel-3505/"
},
{
"title": "Real-Time Automation Controller (RTAC)",
"trust": 0.8,
"url": "https://www.selinc.com/sel-3530/"
},
{
"title": "Patch for multiple device local denial of service vulnerabilities in Schweitzer Engineering Laboratories",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/38162"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-12159"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003716"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003716"
},
{
"db": "NVD",
"id": "CVE-2013-2798"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-13-219-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2798"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2798"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/61667"
},
{
"trust": 0.3,
"url": "https://www.selinc.com/sel-3530/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-12159"
},
{
"db": "BID",
"id": "61667"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003716"
},
{
"db": "NVD",
"id": "CVE-2013-2798"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-131"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c94d5dc4-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12159"
},
{
"db": "BID",
"id": "61667"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003716"
},
{
"db": "NVD",
"id": "CVE-2013-2798"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-131"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-13T00:00:00",
"db": "IVD",
"id": "c94d5dc4-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2013-08-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-12159"
},
{
"date": "2013-08-07T00:00:00",
"db": "BID",
"id": "61667"
},
{
"date": "2013-08-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003716"
},
{
"date": "2013-08-09T23:55:02.560000",
"db": "NVD",
"id": "CVE-2013-2798"
},
{
"date": "2013-08-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-131"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-12159"
},
{
"date": "2013-08-07T00:00:00",
"db": "BID",
"id": "61667"
},
{
"date": "2013-08-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003716"
},
{
"date": "2013-08-12T20:23:44.803000",
"db": "NVD",
"id": "CVE-2013-2798"
},
{
"date": "2013-08-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-131"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "61667"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-131"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schweitzer Engineering Laboratories Multiple Device Local Denial of Service Vulnerabilities",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-12159"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-131"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "c94d5dc4-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-131"
}
],
"trust": 0.8
}
}
VAR-201308-0166
Vulnerability from variot - Updated: 2023-12-18 12:21Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet. Schweitzer Engineering Laboratories is a leading manufacturer in Washington State, USA, and is a leader in power system relay protection, control, monitoring, metering and SCADA. Under certain conditions, the DNP3 driver will automatically restart and resume communication, but in severe cases, the device ALARM contact will trigger an assertion and need to reload the device driver settings. The affected products are as follows: SEL-3530-R100 -V0-Z001001-D20090915 - SEL-3530- SEL-3530-R123-V0-Z002001SEL-3530-4-R107-V0-Z001001-D20100818 - SEL-3530-4-R123 -V0-Z002001-D20130117SEL-3505-R119-V0-Z001001-D20120720 - SEL-3505-R123-V0-Z002001-D20130117SEL-2241-R113-V0-Z001001-D20110721 - SEL-2241-R123-V0-Z002001-D20130117. Multiple Schweitzer Engineering Laboratories devices are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected device, denying service to legitimate users. Note: This issue affects the IP connected devices
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201308-0166",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sel-3530-4",
"scope": "eq",
"trust": 1.6,
"vendor": "selinc",
"version": "r107-v0-z001001-d20100818"
},
{
"model": "sel-2241",
"scope": "eq",
"trust": 1.6,
"vendor": "selinc",
"version": "r113-v0-z001001-d20110721"
},
{
"model": "sel-3530",
"scope": "eq",
"trust": 1.6,
"vendor": "selinc",
"version": "r100_-v0-z001001-d20090915"
},
{
"model": "sel-3530",
"scope": "eq",
"trust": 1.6,
"vendor": "selinc",
"version": "r123-v0-z002001"
},
{
"model": "sel-3505",
"scope": "eq",
"trust": 1.6,
"vendor": "selinc",
"version": "r123-v0-z002001-d20130117"
},
{
"model": "sel-3530-4",
"scope": "eq",
"trust": 1.6,
"vendor": "selinc",
"version": "r123-v0-z002001-d20130117"
},
{
"model": "sel-3505",
"scope": "eq",
"trust": 1.6,
"vendor": "selinc",
"version": "r119-v0-z001001-d20120720"
},
{
"model": "sel-2241",
"scope": "eq",
"trust": 1.6,
"vendor": "selinc",
"version": "r123-v0-z002001-d20130117"
},
{
"model": "sel-2241",
"scope": "eq",
"trust": 0.8,
"vendor": "schweitzer engineering laboratories",
"version": "r113-v0-z001001-d20110721 to sel-2241-r123-v0-z002001-d20130117"
},
{
"model": "sel-3505",
"scope": "eq",
"trust": 0.8,
"vendor": "schweitzer engineering laboratories",
"version": "r119-v0-z001001-d20120720 to sel-3505-r123-v0-z002001-d20130117"
},
{
"model": "sel-3530",
"scope": "eq",
"trust": 0.8,
"vendor": "schweitzer engineering laboratories",
"version": "r100 -v0-z001001-d20090915 to sel-3530- sel-3530-r123-v0-z002001"
},
{
"model": "sel-3530-4",
"scope": "eq",
"trust": 0.8,
"vendor": "schweitzer engineering laboratories",
"version": "r107-v0-z001001-d20100818 to sel-3530-4-r123-v0-z002001-d20130117"
},
{
"model": "engineering laboratories sel-3530 rtac",
"scope": null,
"trust": 0.6,
"vendor": "schweitzer",
"version": null
},
{
"model": "engineering laboratories sel-3505 rtac",
"scope": null,
"trust": 0.6,
"vendor": "schweitzer",
"version": null
},
{
"model": "engineering laboratories sel-2241 rtac",
"scope": null,
"trust": 0.6,
"vendor": "schweitzer",
"version": null
},
{
"model": "r113-v0-z001001-d20110721",
"scope": null,
"trust": 0.2,
"vendor": "sel 2241",
"version": null
},
{
"model": "r123-v0-z002001-d20130117",
"scope": null,
"trust": 0.2,
"vendor": "sel 2241",
"version": null
},
{
"model": "r119-v0-z001001-d20120720",
"scope": null,
"trust": 0.2,
"vendor": "sel 3505",
"version": null
},
{
"model": "r123-v0-z002001-d20130117",
"scope": null,
"trust": 0.2,
"vendor": "sel 3505",
"version": null
},
{
"model": "r100 -v0-z001001-d20090915",
"scope": null,
"trust": 0.2,
"vendor": "sel 3530",
"version": null
},
{
"model": "r123-v0-z002001",
"scope": null,
"trust": 0.2,
"vendor": "sel 3530",
"version": null
},
{
"model": "r107-v0-z001001-d20100818",
"scope": null,
"trust": 0.2,
"vendor": "sel 3530 4",
"version": null
},
{
"model": "r123-v0-z002001-d20130117",
"scope": null,
"trust": 0.2,
"vendor": "sel 3530 4",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "c9668f1a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12158"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003714"
},
{
"db": "NVD",
"id": "CVE-2013-2792"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-130"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:selinc:sel-2241:r113-v0-z001001-d20110721:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:selinc:sel-3530:r123-v0-z002001:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:selinc:sel-3505:r119-v0-z001001-d20120720:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:selinc:sel-3505:r123-v0-z002001-d20130117:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:selinc:sel-3530-4:r107-v0-z001001-d20100818:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:selinc:sel-3530-4:r123-v0-z002001-d20130117:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:selinc:sel-2241:r123-v0-z002001-d20130117:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:selinc:sel-3530:r100_-v0-z001001-d20090915:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2792"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adam Crain of Automatak and Chris Sistrunk",
"sources": [
{
"db": "BID",
"id": "61665"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-130"
}
],
"trust": 0.9
},
"cve": "CVE-2013-2792",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2013-2792",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-12158",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "c9668f1a-2352-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-2792",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2013-12158",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201308-130",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "c9668f1a-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c9668f1a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12158"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003714"
},
{
"db": "NVD",
"id": "CVE-2013-2792"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-130"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet. Schweitzer Engineering Laboratories is a leading manufacturer in Washington State, USA, and is a leader in power system relay protection, control, monitoring, metering and SCADA. Under certain conditions, the DNP3 driver will automatically restart and resume communication, but in severe cases, the device ALARM contact will trigger an assertion and need to reload the device driver settings. The affected products are as follows: SEL-3530-R100 -V0-Z001001-D20090915 - SEL-3530- SEL-3530-R123-V0-Z002001SEL-3530-4-R107-V0-Z001001-D20100818 - SEL-3530-4-R123 -V0-Z002001-D20130117SEL-3505-R119-V0-Z001001-D20120720 - SEL-3505-R123-V0-Z002001-D20130117SEL-2241-R113-V0-Z001001-D20110721 - SEL-2241-R123-V0-Z002001-D20130117. Multiple Schweitzer Engineering Laboratories devices are prone to a remote denial-of-service vulnerability. \nAn attacker can exploit this issue to crash the affected device, denying service to legitimate users. \nNote: This issue affects the IP connected devices",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2792"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003714"
},
{
"db": "CNVD",
"id": "CNVD-2013-12158"
},
{
"db": "BID",
"id": "61665"
},
{
"db": "IVD",
"id": "c9668f1a-2352-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-2792",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-13-219-01",
"trust": 3.0
},
{
"db": "BID",
"id": "61665",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2013-12158",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201308-130",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003714",
"trust": 0.8
},
{
"db": "IVD",
"id": "C9668F1A-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "c9668f1a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12158"
},
{
"db": "BID",
"id": "61665"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003714"
},
{
"db": "NVD",
"id": "CVE-2013-2792"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-130"
}
]
},
"id": "VAR-201308-0166",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c9668f1a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12158"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "c9668f1a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12158"
}
]
},
"last_update_date": "2023-12-18T12:21:39.849000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.selinc.com/default.aspx"
},
{
"title": "SEL-3505 Automation Controller",
"trust": 0.8,
"url": "https://www.selinc.com/sel-3505"
},
{
"title": "Real-Time Automation Controller (RTAC)",
"trust": 0.8,
"url": "https://www.selinc.com/sel-3530"
},
{
"title": "SEL-2240 Axion Distributed Control and Integration Platform",
"trust": 0.8,
"url": "https://www.selinc.com/sel-2240/"
},
{
"title": "Schweitzer Engineering Laboratories Patch for Multiple Device Remote Denial of Service Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/38161"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-12158"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003714"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003714"
},
{
"db": "NVD",
"id": "CVE-2013-2792"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-13-219-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2792"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2792"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/61665"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-12158"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003714"
},
{
"db": "NVD",
"id": "CVE-2013-2792"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-130"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c9668f1a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12158"
},
{
"db": "BID",
"id": "61665"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003714"
},
{
"db": "NVD",
"id": "CVE-2013-2792"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-130"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-13T00:00:00",
"db": "IVD",
"id": "c9668f1a-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2013-08-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-12158"
},
{
"date": "2013-08-07T00:00:00",
"db": "BID",
"id": "61665"
},
{
"date": "2013-08-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003714"
},
{
"date": "2013-08-09T23:55:02.513000",
"db": "NVD",
"id": "CVE-2013-2792"
},
{
"date": "2013-08-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-130"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-12158"
},
{
"date": "2013-10-21T00:18:00",
"db": "BID",
"id": "61665"
},
{
"date": "2013-08-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003714"
},
{
"date": "2013-08-12T20:00:00.960000",
"db": "NVD",
"id": "CVE-2013-2792"
},
{
"date": "2013-08-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-130"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201308-130"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Schweitzer Engineering Laboratories Service disruption in products (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003714"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "c9668f1a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-130"
}
],
"trust": 0.8
}
}
CVE-2023-31166 (GCVE-0-2023-31166)
Vulnerability from cvelistv5 – Published: 2023-05-10 19:25 – Updated: 2025-01-24 19:28
VLAI?
Title
Improper Limitation of a Pathname to a Restricted Directory
Summary
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.1 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R126-V0 , < R150-V2
(custom)
Affected: R126-V0 , < R149-V4 (custom) Affected: R126-V0 , < R148-V7 (custom) Affected: R126-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31166",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:28:10.395795Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:28:19.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system.\u003cbr\u003e\u003cbr\u003eSee SEL Service Bulletin dated 2022-11-15 for more details."
}
],
"value": "An Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system.\n\nSee SEL Service Bulletin dated 2022-11-15 for more details."
}
],
"impacts": [
{
"capecId": "CAPEC-643",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-643 Identify Shared Files/Directories on System"
}
]
},
{
"capecId": "CAPEC-176",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-176 Configuration/Environment Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:25:59.606Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Limitation of a Pathname to a Restricted Directory",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31166",
"datePublished": "2023-05-10T19:25:59.606Z",
"dateReserved": "2023-04-24T23:19:33.137Z",
"dateUpdated": "2025-01-24T19:28:19.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31165 (GCVE-0-2023-31165)
Vulnerability from cvelistv5 – Published: 2023-05-10 19:25 – Updated: 2025-01-24 19:27
VLAI?
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R119-V0 , < R150-V2
(custom)
Affected: R119-V0 , < R149-V4 (custom) Affected: R119-V0 , < R148-V7 (custom) Affected: R119-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31165",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:27:51.348037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:27:55.295Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:25:34.186Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31165",
"datePublished": "2023-05-10T19:25:34.186Z",
"dateReserved": "2023-04-24T23:19:33.137Z",
"dateUpdated": "2025-01-24T19:27:55.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31164 (GCVE-0-2023-31164)
Vulnerability from cvelistv5 – Published: 2023-05-10 19:25 – Updated: 2025-01-24 19:27
VLAI?
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R119-V0 , < R150-V2
(custom)
Affected: R119-V0 , < R149-V4 (custom) Affected: R119-V0 , < R148-V7 (custom) Affected: R119-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.764Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31164",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:27:36.186170Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:27:38.573Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:25:16.534Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31164",
"datePublished": "2023-05-10T19:25:16.534Z",
"dateReserved": "2023-04-24T23:19:33.137Z",
"dateUpdated": "2025-01-24T19:27:38.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31163 (GCVE-0-2023-31163)
Vulnerability from cvelistv5 – Published: 2023-05-10 19:24 – Updated: 2025-01-24 19:27
VLAI?
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R119-V0 , < R150-V2
(custom)
Affected: R119-V0 , < R149-V4 (custom) Affected: R119-V0 , < R148-V7 (custom) Affected: R119-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.738Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31163",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:27:10.625855Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:27:13.760Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:24:45.965Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31163",
"datePublished": "2023-05-10T19:24:45.965Z",
"dateReserved": "2023-04-24T23:19:33.136Z",
"dateUpdated": "2025-01-24T19:27:13.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31162 (GCVE-0-2023-31162)
Vulnerability from cvelistv5 – Published: 2023-05-10 19:24 – Updated: 2025-01-24 19:26
VLAI?
Title
Improper Input Validation in Web Interface
Summary
An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.8 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R149-V0 , < R150-V2
(custom)
Affected: R149-V0 , < R149-V4 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31162",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:26:51.589571Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:26:55.712Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file.\u003cbr\u003e\u003cbr\u003eSee SEL Service Bulletin dated 2022-11-15 for more details."
}
],
"value": "An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file.\n\nSee SEL Service Bulletin dated 2022-11-15 for more details."
}
],
"impacts": [
{
"capecId": "CAPEC-176",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-176 Configuration/Environment Manipulation"
}
]
},
{
"capecId": "CAPEC-275",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-275 DNS Rebinding"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:24:20.480Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Input Validation in Web Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31162",
"datePublished": "2023-05-10T19:24:20.480Z",
"dateReserved": "2023-04-24T23:19:33.136Z",
"dateUpdated": "2025-01-24T19:26:55.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31160 (GCVE-0-2023-31160)
Vulnerability from cvelistv5 – Published: 2023-05-10 19:23 – Updated: 2025-01-24 19:19
VLAI?
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R132-V0 , < R150-V2
(custom)
Affected: R132-V0 , < R149-V4 (custom) Affected: R132-V0 , < R148-V7 (custom) Affected: R132-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:19:22.925031Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:19:25.906Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:23:43.200Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31160",
"datePublished": "2023-05-10T19:23:43.200Z",
"dateReserved": "2023-04-24T23:19:33.136Z",
"dateUpdated": "2025-01-24T19:19:25.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31159 (GCVE-0-2023-31159)
Vulnerability from cvelistv5 – Published: 2023-05-10 19:23 – Updated: 2025-01-24 19:10
VLAI?
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R132-V0 , < R150-V2
(custom)
Affected: R132-V0 , < R149-V4 (custom) Affected: R132-V0 , < R148-V7 (custom) Affected: R132-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31159",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:10:03.615553Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:10:07.456Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:23:29.182Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31159",
"datePublished": "2023-05-10T19:23:29.182Z",
"dateReserved": "2023-04-24T23:19:33.136Z",
"dateUpdated": "2025-01-24T19:10:07.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31158 (GCVE-0-2023-31158)
Vulnerability from cvelistv5 – Published: 2023-05-10 19:23 – Updated: 2025-01-24 19:09
VLAI?
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R132-V0 , < R150-V2
(custom)
Affected: R132-V0 , < R149-V4 (custom) Affected: R132-V0 , < R148-V7 (custom) Affected: R132-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31158",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:09:44.725784Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:09:47.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:23:15.171Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31158",
"datePublished": "2023-05-10T19:23:15.171Z",
"dateReserved": "2023-04-24T23:19:33.136Z",
"dateUpdated": "2025-01-24T19:09:47.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31157 (GCVE-0-2023-31157)
Vulnerability from cvelistv5 – Published: 2023-05-10 19:22 – Updated: 2025-01-24 19:09
VLAI?
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R132-V0 , < R150-V2
(custom)
Affected: R132-V0 , < R149-V4 (custom) Affected: R132-V0 , < R148-V7 (custom) Affected: R132-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31157",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:09:17.571361Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:09:33.094Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:22:58.877Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31157",
"datePublished": "2023-05-10T19:22:58.877Z",
"dateReserved": "2023-04-24T23:19:04.959Z",
"dateUpdated": "2025-01-24T19:09:33.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31156 (GCVE-0-2023-31156)
Vulnerability from cvelistv5 – Published: 2023-05-10 19:22 – Updated: 2025-01-24 19:08
VLAI?
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R132-V0 , < R150-V2
(custom)
Affected: R132-V0 , < R149-V4 (custom) Affected: R132-V0 , < R148-V7 (custom) Affected: R132-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31156",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:08:45.763598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:08:49.377Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:22:44.225Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31156",
"datePublished": "2023-05-10T19:22:44.225Z",
"dateReserved": "2023-04-24T23:19:04.959Z",
"dateUpdated": "2025-01-24T19:08:49.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31155 (GCVE-0-2023-31155)
Vulnerability from cvelistv5 – Published: 2023-05-10 19:22 – Updated: 2025-01-24 19:05
VLAI?
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R132-V0 , < R150-V2
(custom)
Affected: R132-V0 , < R149-V4 (custom) Affected: R132-V0 , < R148-V7 (custom) Affected: R132-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.765Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31155",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:05:37.935719Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:05:41.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:22:32.651Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31155",
"datePublished": "2023-05-10T19:22:32.651Z",
"dateReserved": "2023-04-24T23:19:04.959Z",
"dateUpdated": "2025-01-24T19:05:41.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31154 (GCVE-0-2023-31154)
Vulnerability from cvelistv5 – Published: 2023-05-10 19:22 – Updated: 2025-01-24 19:05
VLAI?
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R132-V0 , < R150-V2
(custom)
Affected: R132-V0 , < R149-V4 (custom) Affected: R132-V0 , < R148-V7 (custom) Affected: R132-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31154",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:05:17.174236Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:05:24.335Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:22:18.749Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31154",
"datePublished": "2023-05-10T19:22:18.749Z",
"dateReserved": "2023-04-24T23:19:04.958Z",
"dateUpdated": "2025-01-24T19:05:24.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31153 (GCVE-0-2023-31153)
Vulnerability from cvelistv5 – Published: 2023-05-10 19:22 – Updated: 2025-01-24 19:05
VLAI?
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R119-V0 , < R150-V2
(custom)
Affected: R119-V0 , < R149-V4 (custom) Affected: R119-V0 , < R148-V7 (custom) Affected: R119-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31153",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:04:43.531419Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:05:05.448Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R109-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R109-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R109-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R109-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R109-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R109-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R109-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R109-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eSchweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/span\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/span\u003e\n\n\u003c/p\u003e"
}
],
"value": "An Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the\u00a0Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:22:06.307Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31153",
"datePublished": "2023-05-10T19:22:06.307Z",
"dateReserved": "2023-04-24T23:19:04.958Z",
"dateUpdated": "2025-01-24T19:05:05.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31152 (GCVE-0-2023-31152)
Vulnerability from cvelistv5 – Published: 2023-05-10 19:21 – Updated: 2025-01-24 19:04
VLAI?
Title
Authentication Bypass Using an Alternate Path or Channel
Summary
An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication Bypass.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4 (Medium)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R147-V0 , < R150-V2
(custom)
Affected: R147-V0 , < R149-V4 (custom) Affected: R147-V0 , < R148-V7 (custom) Affected: R147-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.728Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31152",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:04:22.247927Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:04:25.192Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication Bypass. \u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/span\u003e\n\n\u003c/p\u003e"
}
],
"value": "An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication Bypass. \nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:21:50.029Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Authentication Bypass Using an Alternate Path or Channel",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31152",
"datePublished": "2023-05-10T19:21:50.029Z",
"dateReserved": "2023-04-24T23:19:04.957Z",
"dateUpdated": "2025-01-24T19:04:25.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31166 (GCVE-0-2023-31166)
Vulnerability from nvd – Published: 2023-05-10 19:25 – Updated: 2025-01-24 19:28
VLAI?
Title
Improper Limitation of a Pathname to a Restricted Directory
Summary
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.1 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R126-V0 , < R150-V2
(custom)
Affected: R126-V0 , < R149-V4 (custom) Affected: R126-V0 , < R148-V7 (custom) Affected: R126-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31166",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:28:10.395795Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:28:19.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system.\u003cbr\u003e\u003cbr\u003eSee SEL Service Bulletin dated 2022-11-15 for more details."
}
],
"value": "An Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system.\n\nSee SEL Service Bulletin dated 2022-11-15 for more details."
}
],
"impacts": [
{
"capecId": "CAPEC-643",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-643 Identify Shared Files/Directories on System"
}
]
},
{
"capecId": "CAPEC-176",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-176 Configuration/Environment Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:25:59.606Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Limitation of a Pathname to a Restricted Directory",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31166",
"datePublished": "2023-05-10T19:25:59.606Z",
"dateReserved": "2023-04-24T23:19:33.137Z",
"dateUpdated": "2025-01-24T19:28:19.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31165 (GCVE-0-2023-31165)
Vulnerability from nvd – Published: 2023-05-10 19:25 – Updated: 2025-01-24 19:27
VLAI?
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R119-V0 , < R150-V2
(custom)
Affected: R119-V0 , < R149-V4 (custom) Affected: R119-V0 , < R148-V7 (custom) Affected: R119-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31165",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:27:51.348037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:27:55.295Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:25:34.186Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31165",
"datePublished": "2023-05-10T19:25:34.186Z",
"dateReserved": "2023-04-24T23:19:33.137Z",
"dateUpdated": "2025-01-24T19:27:55.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31164 (GCVE-0-2023-31164)
Vulnerability from nvd – Published: 2023-05-10 19:25 – Updated: 2025-01-24 19:27
VLAI?
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R119-V0 , < R150-V2
(custom)
Affected: R119-V0 , < R149-V4 (custom) Affected: R119-V0 , < R148-V7 (custom) Affected: R119-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.764Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31164",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:27:36.186170Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:27:38.573Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:25:16.534Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31164",
"datePublished": "2023-05-10T19:25:16.534Z",
"dateReserved": "2023-04-24T23:19:33.137Z",
"dateUpdated": "2025-01-24T19:27:38.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31163 (GCVE-0-2023-31163)
Vulnerability from nvd – Published: 2023-05-10 19:24 – Updated: 2025-01-24 19:27
VLAI?
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R119-V0 , < R150-V2
(custom)
Affected: R119-V0 , < R149-V4 (custom) Affected: R119-V0 , < R148-V7 (custom) Affected: R119-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.738Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31163",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:27:10.625855Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:27:13.760Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:24:45.965Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31163",
"datePublished": "2023-05-10T19:24:45.965Z",
"dateReserved": "2023-04-24T23:19:33.136Z",
"dateUpdated": "2025-01-24T19:27:13.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31162 (GCVE-0-2023-31162)
Vulnerability from nvd – Published: 2023-05-10 19:24 – Updated: 2025-01-24 19:26
VLAI?
Title
Improper Input Validation in Web Interface
Summary
An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.8 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R149-V0 , < R150-V2
(custom)
Affected: R149-V0 , < R149-V4 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31162",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:26:51.589571Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:26:55.712Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file.\u003cbr\u003e\u003cbr\u003eSee SEL Service Bulletin dated 2022-11-15 for more details."
}
],
"value": "An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file.\n\nSee SEL Service Bulletin dated 2022-11-15 for more details."
}
],
"impacts": [
{
"capecId": "CAPEC-176",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-176 Configuration/Environment Manipulation"
}
]
},
{
"capecId": "CAPEC-275",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-275 DNS Rebinding"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:24:20.480Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Input Validation in Web Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31162",
"datePublished": "2023-05-10T19:24:20.480Z",
"dateReserved": "2023-04-24T23:19:33.136Z",
"dateUpdated": "2025-01-24T19:26:55.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31160 (GCVE-0-2023-31160)
Vulnerability from nvd – Published: 2023-05-10 19:23 – Updated: 2025-01-24 19:19
VLAI?
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R132-V0 , < R150-V2
(custom)
Affected: R132-V0 , < R149-V4 (custom) Affected: R132-V0 , < R148-V7 (custom) Affected: R132-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:19:22.925031Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:19:25.906Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:23:43.200Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31160",
"datePublished": "2023-05-10T19:23:43.200Z",
"dateReserved": "2023-04-24T23:19:33.136Z",
"dateUpdated": "2025-01-24T19:19:25.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31159 (GCVE-0-2023-31159)
Vulnerability from nvd – Published: 2023-05-10 19:23 – Updated: 2025-01-24 19:10
VLAI?
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R132-V0 , < R150-V2
(custom)
Affected: R132-V0 , < R149-V4 (custom) Affected: R132-V0 , < R148-V7 (custom) Affected: R132-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31159",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:10:03.615553Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:10:07.456Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:23:29.182Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31159",
"datePublished": "2023-05-10T19:23:29.182Z",
"dateReserved": "2023-04-24T23:19:33.136Z",
"dateUpdated": "2025-01-24T19:10:07.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31158 (GCVE-0-2023-31158)
Vulnerability from nvd – Published: 2023-05-10 19:23 – Updated: 2025-01-24 19:09
VLAI?
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R132-V0 , < R150-V2
(custom)
Affected: R132-V0 , < R149-V4 (custom) Affected: R132-V0 , < R148-V7 (custom) Affected: R132-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31158",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:09:44.725784Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:09:47.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:23:15.171Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31158",
"datePublished": "2023-05-10T19:23:15.171Z",
"dateReserved": "2023-04-24T23:19:33.136Z",
"dateUpdated": "2025-01-24T19:09:47.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31157 (GCVE-0-2023-31157)
Vulnerability from nvd – Published: 2023-05-10 19:22 – Updated: 2025-01-24 19:09
VLAI?
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R132-V0 , < R150-V2
(custom)
Affected: R132-V0 , < R149-V4 (custom) Affected: R132-V0 , < R148-V7 (custom) Affected: R132-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31157",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:09:17.571361Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:09:33.094Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:22:58.877Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31157",
"datePublished": "2023-05-10T19:22:58.877Z",
"dateReserved": "2023-04-24T23:19:04.959Z",
"dateUpdated": "2025-01-24T19:09:33.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31156 (GCVE-0-2023-31156)
Vulnerability from nvd – Published: 2023-05-10 19:22 – Updated: 2025-01-24 19:08
VLAI?
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R132-V0 , < R150-V2
(custom)
Affected: R132-V0 , < R149-V4 (custom) Affected: R132-V0 , < R148-V7 (custom) Affected: R132-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31156",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:08:45.763598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:08:49.377Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:22:44.225Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31156",
"datePublished": "2023-05-10T19:22:44.225Z",
"dateReserved": "2023-04-24T23:19:04.959Z",
"dateUpdated": "2025-01-24T19:08:49.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31155 (GCVE-0-2023-31155)
Vulnerability from nvd – Published: 2023-05-10 19:22 – Updated: 2025-01-24 19:05
VLAI?
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R132-V0 , < R150-V2
(custom)
Affected: R132-V0 , < R149-V4 (custom) Affected: R132-V0 , < R148-V7 (custom) Affected: R132-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.765Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31155",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:05:37.935719Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:05:41.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:22:32.651Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31155",
"datePublished": "2023-05-10T19:22:32.651Z",
"dateReserved": "2023-04-24T23:19:04.959Z",
"dateUpdated": "2025-01-24T19:05:41.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31154 (GCVE-0-2023-31154)
Vulnerability from nvd – Published: 2023-05-10 19:22 – Updated: 2025-01-24 19:05
VLAI?
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R132-V0 , < R150-V2
(custom)
Affected: R132-V0 , < R149-V4 (custom) Affected: R132-V0 , < R148-V7 (custom) Affected: R132-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31154",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:05:17.174236Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:05:24.335Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:22:18.749Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31154",
"datePublished": "2023-05-10T19:22:18.749Z",
"dateReserved": "2023-04-24T23:19:04.958Z",
"dateUpdated": "2025-01-24T19:05:24.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31153 (GCVE-0-2023-31153)
Vulnerability from nvd – Published: 2023-05-10 19:22 – Updated: 2025-01-24 19:05
VLAI?
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R119-V0 , < R150-V2
(custom)
Affected: R119-V0 , < R149-V4 (custom) Affected: R119-V0 , < R148-V7 (custom) Affected: R119-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31153",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:04:43.531419Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:05:05.448Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R109-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R109-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R109-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R109-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R109-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R109-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R109-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R109-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eSchweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/span\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/span\u003e\n\n\u003c/p\u003e"
}
],
"value": "An Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the\u00a0Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:22:06.307Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31153",
"datePublished": "2023-05-10T19:22:06.307Z",
"dateReserved": "2023-04-24T23:19:04.958Z",
"dateUpdated": "2025-01-24T19:05:05.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31152 (GCVE-0-2023-31152)
Vulnerability from nvd – Published: 2023-05-10 19:21 – Updated: 2025-01-24 19:04
VLAI?
Title
Authentication Bypass Using an Alternate Path or Channel
Summary
An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication Bypass.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4 (Medium)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R147-V0 , < R150-V2
(custom)
Affected: R147-V0 , < R149-V4 (custom) Affected: R147-V0 , < R148-V7 (custom) Affected: R147-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.728Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31152",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:04:22.247927Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:04:25.192Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication Bypass. \u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/span\u003e\n\n\u003c/p\u003e"
}
],
"value": "An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication Bypass. \nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:21:50.029Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Authentication Bypass Using an Alternate Path or Channel",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31152",
"datePublished": "2023-05-10T19:21:50.029Z",
"dateReserved": "2023-04-24T23:19:04.957Z",
"dateUpdated": "2025-01-24T19:04:25.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}