Search criteria
57 vulnerabilities found for sel-2241_rtac_module_firmware by selinc
FKIE_CVE-2023-31163
Vulnerability from fkie_nvd - Published: 2023-05-10 20:15 - Updated: 2024-11-21 08:01
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
References
| URL | Tags | ||
|---|---|---|---|
| security@selinc.com | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| security@selinc.com | https://www.nozominetworks.com/blog/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.nozominetworks.com/blog/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| selinc | sel-2241_rtac_module_firmware | * | |
| selinc | sel-2241_rtac_module | - | |
| selinc | sel-3350_firmware | * | |
| selinc | sel-3350 | - | |
| selinc | sel-3505_firmware | * | |
| selinc | sel-3505 | - | |
| selinc | sel-3505-3_firmware | * | |
| selinc | sel-3505-3 | - | |
| selinc | sel-3530_firmware | * | |
| selinc | sel-3530 | - | |
| selinc | sel-3530-4_firmware | * | |
| selinc | sel-3530-4 | - | |
| selinc | sel-3532_firmware | * | |
| selinc | sel-3532 | - | |
| selinc | sel-3555_firmware | * | |
| selinc | sel-3555 | - | |
| selinc | sel-3560e_firmware | * | |
| selinc | sel-3560e | - | |
| selinc | sel-3560s_firmware | * | |
| selinc | sel-3560s | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-2241_rtac_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92EC2190-5E06-429E-A06A-76571E7ED430",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r113-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-2241_rtac_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4A1AB9-1190-4620-BF97-4A5569E74310",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "490EC90A-C8C4-4AEA-90E8-DA1C6D11932C",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r148-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA7F410-7F74-4EF1-913E-7B34674716DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2161BCBC-6892-47E6-9A9F-0A82F0AA6A92",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r119-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14D78E73-46F2-4D00-A75B-909752E36EB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39E788ED-56DC-455E-B907-9DA7ED359CB9",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A479C2B-F691-4E04-B551-9F631E5A2A0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A438B8C-AD18-47F5-94BF-2484D778EA75",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r100-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E56BC08-9C49-4614-8F52-3413B804A128",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C48D1C36-0F34-4A95-88E2-B69DE8803AF7",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r108-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB424E1B-2AE3-449E-9AA1-2AF48C1920FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3532_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9982B6A-2CED-4EF4-946D-E4B8A8CE3935",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3532:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E573857F-C6DC-4E59-8F5B-4C51ED4D69DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3555_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9333068D-CE59-4644-879F-A1B29D07C26B",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r134-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3555:-:*:*:*:*:*:*:*",
"matchCriteriaId": "282F6DB1-4B0F-424F-B5E4-0827F1E7EE6F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF86940-89E4-4D3C-B51D-CF189B8B20A3",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3EB8694-DC56-4E35-9659-B2787F872E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28EAFD3D-1697-42BA-941E-2970A1177302",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D2A4A4-B81E-4034-863D-900D95166543",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n\n"
}
],
"id": "CVE-2023-31163",
"lastModified": "2024-11-21T08:01:32.010",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "security@selinc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-10T20:15:11.263",
"references": [
{
"source": "security@selinc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "security@selinc.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"sourceIdentifier": "security@selinc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@selinc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-31166
Vulnerability from fkie_nvd - Published: 2023-05-10 20:15 - Updated: 2024-11-21 08:01
Severity ?
4.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system.
See SEL Service Bulletin dated 2022-11-15 for more details.
References
| URL | Tags | ||
|---|---|---|---|
| security@selinc.com | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| security@selinc.com | https://www.nozominetworks.com/blog/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.nozominetworks.com/blog/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| selinc | sel-2241_rtac_module_firmware | * | |
| selinc | sel-2241_rtac_module | - | |
| selinc | sel-3350_firmware | * | |
| selinc | sel-3350 | - | |
| selinc | sel-3505_firmware | * | |
| selinc | sel-3505 | - | |
| selinc | sel-3505-3_firmware | * | |
| selinc | sel-3505-3 | - | |
| selinc | sel-3530_firmware | * | |
| selinc | sel-3530 | - | |
| selinc | sel-3530-4_firmware | * | |
| selinc | sel-3530-4 | - | |
| selinc | sel-3532_firmware | * | |
| selinc | sel-3532 | - | |
| selinc | sel-3555_firmware | * | |
| selinc | sel-3555 | - | |
| selinc | sel-3560e_firmware | * | |
| selinc | sel-3560e | - | |
| selinc | sel-3560s_firmware | * | |
| selinc | sel-3560s | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-2241_rtac_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BAD3F78-6369-47E6-9E44-BB48BBFFC967",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r126-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-2241_rtac_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4A1AB9-1190-4620-BF97-4A5569E74310",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "490EC90A-C8C4-4AEA-90E8-DA1C6D11932C",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r148-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA7F410-7F74-4EF1-913E-7B34674716DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAA9CABD-D8C4-4B90-A08C-7FB7428723FA",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r126-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14D78E73-46F2-4D00-A75B-909752E36EB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39E788ED-56DC-455E-B907-9DA7ED359CB9",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A479C2B-F691-4E04-B551-9F631E5A2A0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC9158A-E358-437E-9DE8-C0C98ABD5934",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r126-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E56BC08-9C49-4614-8F52-3413B804A128",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00FF1F6D-9562-4B44-B792-6555721AD81A",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r126-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB424E1B-2AE3-449E-9AA1-2AF48C1920FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3532_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9982B6A-2CED-4EF4-946D-E4B8A8CE3935",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3532:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E573857F-C6DC-4E59-8F5B-4C51ED4D69DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3555_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9333068D-CE59-4644-879F-A1B29D07C26B",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r134-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3555:-:*:*:*:*:*:*:*",
"matchCriteriaId": "282F6DB1-4B0F-424F-B5E4-0827F1E7EE6F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF86940-89E4-4D3C-B51D-CF189B8B20A3",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3EB8694-DC56-4E35-9659-B2787F872E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28EAFD3D-1697-42BA-941E-2970A1177302",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D2A4A4-B81E-4034-863D-900D95166543",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system.\n\nSee SEL Service Bulletin dated 2022-11-15 for more details."
}
],
"id": "CVE-2023-31166",
"lastModified": "2024-11-21T08:01:32.503",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4,
"source": "security@selinc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-10T20:15:11.537",
"references": [
{
"source": "security@selinc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "security@selinc.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"sourceIdentifier": "security@selinc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security@selinc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-31165
Vulnerability from fkie_nvd - Published: 2023-05-10 20:15 - Updated: 2024-11-21 08:01
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
References
| URL | Tags | ||
|---|---|---|---|
| security@selinc.com | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| security@selinc.com | https://www.nozominetworks.com/blog/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.nozominetworks.com/blog/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| selinc | sel-2241_rtac_module_firmware | * | |
| selinc | sel-2241_rtac_module | - | |
| selinc | sel-3350_firmware | * | |
| selinc | sel-3350 | - | |
| selinc | sel-3505_firmware | * | |
| selinc | sel-3505 | - | |
| selinc | sel-3505-3_firmware | * | |
| selinc | sel-3505-3 | - | |
| selinc | sel-3530_firmware | * | |
| selinc | sel-3530 | - | |
| selinc | sel-3530-4_firmware | * | |
| selinc | sel-3530-4 | - | |
| selinc | sel-3532_firmware | * | |
| selinc | sel-3532 | - | |
| selinc | sel-3555_firmware | * | |
| selinc | sel-3555 | - | |
| selinc | sel-3560e_firmware | * | |
| selinc | sel-3560e | - | |
| selinc | sel-3560s_firmware | * | |
| selinc | sel-3560s | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-2241_rtac_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92EC2190-5E06-429E-A06A-76571E7ED430",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r113-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-2241_rtac_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4A1AB9-1190-4620-BF97-4A5569E74310",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "490EC90A-C8C4-4AEA-90E8-DA1C6D11932C",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r148-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA7F410-7F74-4EF1-913E-7B34674716DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2161BCBC-6892-47E6-9A9F-0A82F0AA6A92",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r119-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14D78E73-46F2-4D00-A75B-909752E36EB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39E788ED-56DC-455E-B907-9DA7ED359CB9",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A479C2B-F691-4E04-B551-9F631E5A2A0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A438B8C-AD18-47F5-94BF-2484D778EA75",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r100-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E56BC08-9C49-4614-8F52-3413B804A128",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C48D1C36-0F34-4A95-88E2-B69DE8803AF7",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r108-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB424E1B-2AE3-449E-9AA1-2AF48C1920FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3532_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9982B6A-2CED-4EF4-946D-E4B8A8CE3935",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3532:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E573857F-C6DC-4E59-8F5B-4C51ED4D69DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3555_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9333068D-CE59-4644-879F-A1B29D07C26B",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r134-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3555:-:*:*:*:*:*:*:*",
"matchCriteriaId": "282F6DB1-4B0F-424F-B5E4-0827F1E7EE6F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF86940-89E4-4D3C-B51D-CF189B8B20A3",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3EB8694-DC56-4E35-9659-B2787F872E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28EAFD3D-1697-42BA-941E-2970A1177302",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D2A4A4-B81E-4034-863D-900D95166543",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n\n"
}
],
"id": "CVE-2023-31165",
"lastModified": "2024-11-21T08:01:32.343",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "security@selinc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-10T20:15:11.440",
"references": [
{
"source": "security@selinc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "security@selinc.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"sourceIdentifier": "security@selinc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@selinc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-31162
Vulnerability from fkie_nvd - Published: 2023-05-10 20:15 - Updated: 2024-11-21 08:01
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file.
See SEL Service Bulletin dated 2022-11-15 for more details.
References
| URL | Tags | ||
|---|---|---|---|
| security@selinc.com | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| security@selinc.com | https://www.nozominetworks.com/blog/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.nozominetworks.com/blog/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| selinc | sel-2241_rtac_module_firmware | * | |
| selinc | sel-2241_rtac_module | - | |
| selinc | sel-3350_firmware | * | |
| selinc | sel-3350 | - | |
| selinc | sel-3505_firmware | * | |
| selinc | sel-3505 | - | |
| selinc | sel-3505-3_firmware | * | |
| selinc | sel-3505-3 | - | |
| selinc | sel-3530_firmware | * | |
| selinc | sel-3530 | - | |
| selinc | sel-3530-4_firmware | * | |
| selinc | sel-3530-4 | - | |
| selinc | sel-3532_firmware | * | |
| selinc | sel-3532 | - | |
| selinc | sel-3555_firmware | * | |
| selinc | sel-3555 | - | |
| selinc | sel-3560e_firmware | * | |
| selinc | sel-3560e | - | |
| selinc | sel-3560s_firmware | * | |
| selinc | sel-3560s | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-2241_rtac_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF5452C-BF96-49EE-8920-4851DFE010CC",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r149-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-2241_rtac_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4A1AB9-1190-4620-BF97-4A5569E74310",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94443363-8BDC-4978-A72D-CBD39742E8E6",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r149-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA7F410-7F74-4EF1-913E-7B34674716DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C5DACA5-0C74-48A0-B463-CC496C41CE8E",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r149-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14D78E73-46F2-4D00-A75B-909752E36EB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DC95CFF-E911-451C-ACC2-7DB88E89A42B",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r149-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A479C2B-F691-4E04-B551-9F631E5A2A0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B04F5072-52A5-4FF5-9887-08416D3144C6",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r149-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E56BC08-9C49-4614-8F52-3413B804A128",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFAEDBE0-0C25-4738-BAC5-EDC263EFBB18",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r149-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB424E1B-2AE3-449E-9AA1-2AF48C1920FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3532_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C36D159-E943-40D6-A427-69DDB99F51A3",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r149-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3532:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E573857F-C6DC-4E59-8F5B-4C51ED4D69DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3555_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E6D8665-C915-4DC8-81F7-2F5D70E9484F",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r149-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3555:-:*:*:*:*:*:*:*",
"matchCriteriaId": "282F6DB1-4B0F-424F-B5E4-0827F1E7EE6F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1B292E-658D-462A-8693-A504322DDC65",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r149-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3EB8694-DC56-4E35-9659-B2787F872E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4224616-5752-4C58-8A1F-54866314B8A2",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r149-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D2A4A4-B81E-4034-863D-900D95166543",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file.\n\nSee SEL Service Bulletin dated 2022-11-15 for more details."
}
],
"id": "CVE-2023-31162",
"lastModified": "2024-11-21T08:01:31.853",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "security@selinc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-10T20:15:11.170",
"references": [
{
"source": "security@selinc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "security@selinc.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"sourceIdentifier": "security@selinc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security@selinc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-31164
Vulnerability from fkie_nvd - Published: 2023-05-10 20:15 - Updated: 2024-11-21 08:01
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
References
| URL | Tags | ||
|---|---|---|---|
| security@selinc.com | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| security@selinc.com | https://www.nozominetworks.com/blog/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.nozominetworks.com/blog/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| selinc | sel-2241_rtac_module_firmware | * | |
| selinc | sel-2241_rtac_module | - | |
| selinc | sel-3350_firmware | * | |
| selinc | sel-3350 | - | |
| selinc | sel-3505_firmware | * | |
| selinc | sel-3505 | - | |
| selinc | sel-3505-3_firmware | * | |
| selinc | sel-3505-3 | - | |
| selinc | sel-3530_firmware | * | |
| selinc | sel-3530 | - | |
| selinc | sel-3530-4_firmware | * | |
| selinc | sel-3530-4 | - | |
| selinc | sel-3532_firmware | * | |
| selinc | sel-3532 | - | |
| selinc | sel-3555_firmware | * | |
| selinc | sel-3555 | - | |
| selinc | sel-3560e_firmware | * | |
| selinc | sel-3560e | - | |
| selinc | sel-3560s_firmware | * | |
| selinc | sel-3560s | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-2241_rtac_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92EC2190-5E06-429E-A06A-76571E7ED430",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r113-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-2241_rtac_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4A1AB9-1190-4620-BF97-4A5569E74310",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "490EC90A-C8C4-4AEA-90E8-DA1C6D11932C",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r148-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA7F410-7F74-4EF1-913E-7B34674716DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2161BCBC-6892-47E6-9A9F-0A82F0AA6A92",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r119-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14D78E73-46F2-4D00-A75B-909752E36EB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39E788ED-56DC-455E-B907-9DA7ED359CB9",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A479C2B-F691-4E04-B551-9F631E5A2A0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A438B8C-AD18-47F5-94BF-2484D778EA75",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r100-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E56BC08-9C49-4614-8F52-3413B804A128",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C48D1C36-0F34-4A95-88E2-B69DE8803AF7",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r108-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB424E1B-2AE3-449E-9AA1-2AF48C1920FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3532_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9982B6A-2CED-4EF4-946D-E4B8A8CE3935",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3532:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E573857F-C6DC-4E59-8F5B-4C51ED4D69DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3555_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9333068D-CE59-4644-879F-A1B29D07C26B",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r134-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3555:-:*:*:*:*:*:*:*",
"matchCriteriaId": "282F6DB1-4B0F-424F-B5E4-0827F1E7EE6F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF86940-89E4-4D3C-B51D-CF189B8B20A3",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3EB8694-DC56-4E35-9659-B2787F872E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28EAFD3D-1697-42BA-941E-2970A1177302",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D2A4A4-B81E-4034-863D-900D95166543",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n\n"
}
],
"id": "CVE-2023-31164",
"lastModified": "2024-11-21T08:01:32.177",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "security@selinc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-10T20:15:11.360",
"references": [
{
"source": "security@selinc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "security@selinc.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"sourceIdentifier": "security@selinc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@selinc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-31160
Vulnerability from fkie_nvd - Published: 2023-05-10 20:15 - Updated: 2024-11-21 08:01
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
References
| URL | Tags | ||
|---|---|---|---|
| security@selinc.com | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| security@selinc.com | https://www.nozominetworks.com/blog/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.nozominetworks.com/blog/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| selinc | sel-2241_rtac_module_firmware | * | |
| selinc | sel-2241_rtac_module | - | |
| selinc | sel-3350_firmware | * | |
| selinc | sel-3350 | - | |
| selinc | sel-3505_firmware | * | |
| selinc | sel-3505 | - | |
| selinc | sel-3505-3_firmware | * | |
| selinc | sel-3505-3 | - | |
| selinc | sel-3530_firmware | * | |
| selinc | sel-3530 | - | |
| selinc | sel-3530-4_firmware | * | |
| selinc | sel-3530-4 | - | |
| selinc | sel-3532_firmware | * | |
| selinc | sel-3532 | - | |
| selinc | sel-3555_firmware | * | |
| selinc | sel-3555 | - | |
| selinc | sel-3560e_firmware | * | |
| selinc | sel-3560e | - | |
| selinc | sel-3560s_firmware | * | |
| selinc | sel-3560s | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-2241_rtac_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92EC2190-5E06-429E-A06A-76571E7ED430",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r113-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-2241_rtac_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4A1AB9-1190-4620-BF97-4A5569E74310",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "490EC90A-C8C4-4AEA-90E8-DA1C6D11932C",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r148-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA7F410-7F74-4EF1-913E-7B34674716DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2161BCBC-6892-47E6-9A9F-0A82F0AA6A92",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r119-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14D78E73-46F2-4D00-A75B-909752E36EB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39E788ED-56DC-455E-B907-9DA7ED359CB9",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A479C2B-F691-4E04-B551-9F631E5A2A0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A438B8C-AD18-47F5-94BF-2484D778EA75",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r100-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E56BC08-9C49-4614-8F52-3413B804A128",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C48D1C36-0F34-4A95-88E2-B69DE8803AF7",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r108-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB424E1B-2AE3-449E-9AA1-2AF48C1920FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3532_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9982B6A-2CED-4EF4-946D-E4B8A8CE3935",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3532:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E573857F-C6DC-4E59-8F5B-4C51ED4D69DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3555_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9333068D-CE59-4644-879F-A1B29D07C26B",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r134-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3555:-:*:*:*:*:*:*:*",
"matchCriteriaId": "282F6DB1-4B0F-424F-B5E4-0827F1E7EE6F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF86940-89E4-4D3C-B51D-CF189B8B20A3",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3EB8694-DC56-4E35-9659-B2787F872E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28EAFD3D-1697-42BA-941E-2970A1177302",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D2A4A4-B81E-4034-863D-900D95166543",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"id": "CVE-2023-31160",
"lastModified": "2024-11-21T08:01:31.530",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "security@selinc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-10T20:15:11.003",
"references": [
{
"source": "security@selinc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "security@selinc.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"sourceIdentifier": "security@selinc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@selinc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-31154
Vulnerability from fkie_nvd - Published: 2023-05-10 20:15 - Updated: 2024-11-21 08:01
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
References
| URL | Tags | ||
|---|---|---|---|
| security@selinc.com | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| security@selinc.com | https://www.nozominetworks.com/blog/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.nozominetworks.com/blog/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| selinc | sel-2241_rtac_module_firmware | * | |
| selinc | sel-2241_rtac_module | - | |
| selinc | sel-3350_firmware | * | |
| selinc | sel-3350 | - | |
| selinc | sel-3505_firmware | * | |
| selinc | sel-3505 | - | |
| selinc | sel-3505-3_firmware | * | |
| selinc | sel-3505-3 | - | |
| selinc | sel-3530_firmware | * | |
| selinc | sel-3530 | - | |
| selinc | sel-3530-4_firmware | * | |
| selinc | sel-3530-4 | - | |
| selinc | sel-3532_firmware | * | |
| selinc | sel-3532 | - | |
| selinc | sel-3555_firmware | * | |
| selinc | sel-3555 | - | |
| selinc | sel-3560e_firmware | * | |
| selinc | sel-3560e | - | |
| selinc | sel-3560s_firmware | * | |
| selinc | sel-3560s | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-2241_rtac_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D2D202A-9B85-4BA0-8FE4-A6F71F369E8D",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-2241_rtac_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4A1AB9-1190-4620-BF97-4A5569E74310",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "490EC90A-C8C4-4AEA-90E8-DA1C6D11932C",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r148-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA7F410-7F74-4EF1-913E-7B34674716DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65D15943-DDAB-446D-9179-CEEEF7EDA5BA",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14D78E73-46F2-4D00-A75B-909752E36EB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39E788ED-56DC-455E-B907-9DA7ED359CB9",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A479C2B-F691-4E04-B551-9F631E5A2A0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4821D90-2614-48D3-AFFC-B65C94E8968C",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E56BC08-9C49-4614-8F52-3413B804A128",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6F4CFF-173F-4B68-8296-6F3713F98460",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB424E1B-2AE3-449E-9AA1-2AF48C1920FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3532_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9982B6A-2CED-4EF4-946D-E4B8A8CE3935",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3532:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E573857F-C6DC-4E59-8F5B-4C51ED4D69DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3555_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9333068D-CE59-4644-879F-A1B29D07C26B",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r134-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3555:-:*:*:*:*:*:*:*",
"matchCriteriaId": "282F6DB1-4B0F-424F-B5E4-0827F1E7EE6F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF86940-89E4-4D3C-B51D-CF189B8B20A3",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3EB8694-DC56-4E35-9659-B2787F872E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28EAFD3D-1697-42BA-941E-2970A1177302",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D2A4A4-B81E-4034-863D-900D95166543",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"id": "CVE-2023-31154",
"lastModified": "2024-11-21T08:01:30.560",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "security@selinc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-10T20:15:10.443",
"references": [
{
"source": "security@selinc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "security@selinc.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"sourceIdentifier": "security@selinc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@selinc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-31155
Vulnerability from fkie_nvd - Published: 2023-05-10 20:15 - Updated: 2024-11-21 08:01
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
References
| URL | Tags | ||
|---|---|---|---|
| security@selinc.com | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| security@selinc.com | https://www.nozominetworks.com/blog/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.nozominetworks.com/blog/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| selinc | sel-2241_rtac_module_firmware | * | |
| selinc | sel-2241_rtac_module | - | |
| selinc | sel-3350_firmware | * | |
| selinc | sel-3350 | - | |
| selinc | sel-3505_firmware | * | |
| selinc | sel-3505 | - | |
| selinc | sel-3505-3_firmware | * | |
| selinc | sel-3505-3 | - | |
| selinc | sel-3530_firmware | * | |
| selinc | sel-3530 | - | |
| selinc | sel-3530-4_firmware | * | |
| selinc | sel-3530-4 | - | |
| selinc | sel-3532_firmware | * | |
| selinc | sel-3532 | - | |
| selinc | sel-3555_firmware | * | |
| selinc | sel-3555 | - | |
| selinc | sel-3560e_firmware | * | |
| selinc | sel-3560e | - | |
| selinc | sel-3560s_firmware | * | |
| selinc | sel-3560s | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-2241_rtac_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D2D202A-9B85-4BA0-8FE4-A6F71F369E8D",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-2241_rtac_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4A1AB9-1190-4620-BF97-4A5569E74310",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "490EC90A-C8C4-4AEA-90E8-DA1C6D11932C",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r148-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA7F410-7F74-4EF1-913E-7B34674716DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65D15943-DDAB-446D-9179-CEEEF7EDA5BA",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14D78E73-46F2-4D00-A75B-909752E36EB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39E788ED-56DC-455E-B907-9DA7ED359CB9",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A479C2B-F691-4E04-B551-9F631E5A2A0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4821D90-2614-48D3-AFFC-B65C94E8968C",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E56BC08-9C49-4614-8F52-3413B804A128",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6F4CFF-173F-4B68-8296-6F3713F98460",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB424E1B-2AE3-449E-9AA1-2AF48C1920FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3532_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9982B6A-2CED-4EF4-946D-E4B8A8CE3935",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3532:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E573857F-C6DC-4E59-8F5B-4C51ED4D69DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3555_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9333068D-CE59-4644-879F-A1B29D07C26B",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r134-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3555:-:*:*:*:*:*:*:*",
"matchCriteriaId": "282F6DB1-4B0F-424F-B5E4-0827F1E7EE6F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF86940-89E4-4D3C-B51D-CF189B8B20A3",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3EB8694-DC56-4E35-9659-B2787F872E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28EAFD3D-1697-42BA-941E-2970A1177302",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D2A4A4-B81E-4034-863D-900D95166543",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"id": "CVE-2023-31155",
"lastModified": "2024-11-21T08:01:30.730",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "security@selinc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-10T20:15:10.543",
"references": [
{
"source": "security@selinc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "security@selinc.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"sourceIdentifier": "security@selinc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@selinc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-31153
Vulnerability from fkie_nvd - Published: 2023-05-10 20:15 - Updated: 2024-11-21 08:01
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.
References
| URL | Tags | ||
|---|---|---|---|
| security@selinc.com | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| security@selinc.com | https://www.nozominetworks.com/blog/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.nozominetworks.com/blog/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| selinc | sel-2241_rtac_module_firmware | * | |
| selinc | sel-2241_rtac_module | - | |
| selinc | sel-3350_firmware | * | |
| selinc | sel-3350 | - | |
| selinc | sel-3505_firmware | * | |
| selinc | sel-3505 | - | |
| selinc | sel-3505-3_firmware | * | |
| selinc | sel-3505-3 | - | |
| selinc | sel-3530_firmware | * | |
| selinc | sel-3530 | - | |
| selinc | sel-3530-4_firmware | * | |
| selinc | sel-3530-4 | - | |
| selinc | sel-3532_firmware | * | |
| selinc | sel-3532 | - | |
| selinc | sel-3555_firmware | * | |
| selinc | sel-3555 | - | |
| selinc | sel-3560e_firmware | * | |
| selinc | sel-3560e | - | |
| selinc | sel-3560s_firmware | * | |
| selinc | sel-3560s | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-2241_rtac_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92EC2190-5E06-429E-A06A-76571E7ED430",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r113-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-2241_rtac_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4A1AB9-1190-4620-BF97-4A5569E74310",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "490EC90A-C8C4-4AEA-90E8-DA1C6D11932C",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r148-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA7F410-7F74-4EF1-913E-7B34674716DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2161BCBC-6892-47E6-9A9F-0A82F0AA6A92",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r119-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14D78E73-46F2-4D00-A75B-909752E36EB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39E788ED-56DC-455E-B907-9DA7ED359CB9",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A479C2B-F691-4E04-B551-9F631E5A2A0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF61241-5DC9-4CC8-8864-194FAE36F456",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r109-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E56BC08-9C49-4614-8F52-3413B804A128",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC2354-33FF-4266-9648-BA165747EECE",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r109-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB424E1B-2AE3-449E-9AA1-2AF48C1920FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3532_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9982B6A-2CED-4EF4-946D-E4B8A8CE3935",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3532:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E573857F-C6DC-4E59-8F5B-4C51ED4D69DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3555_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9333068D-CE59-4644-879F-A1B29D07C26B",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r134-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3555:-:*:*:*:*:*:*:*",
"matchCriteriaId": "282F6DB1-4B0F-424F-B5E4-0827F1E7EE6F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF86940-89E4-4D3C-B51D-CF189B8B20A3",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3EB8694-DC56-4E35-9659-B2787F872E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28EAFD3D-1697-42BA-941E-2970A1177302",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D2A4A4-B81E-4034-863D-900D95166543",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the\u00a0Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n"
}
],
"id": "CVE-2023-31153",
"lastModified": "2024-11-21T08:01:30.370",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "security@selinc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-10T20:15:10.343",
"references": [
{
"source": "security@selinc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "security@selinc.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"sourceIdentifier": "security@selinc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@selinc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-31151
Vulnerability from fkie_nvd - Published: 2023-05-10 20:15 - Updated: 2024-11-21 08:01
Severity ?
4.7 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
4.2 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
4.2 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Summary
An Improper Certificate Validation vulnerability
in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface
could allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack.
See SEL Service Bulletin dated 2022-11-15 for more details.
References
| URL | Tags | ||
|---|---|---|---|
| security@selinc.com | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| security@selinc.com | https://www.nozominetworks.com/blog/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.nozominetworks.com/blog/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| selinc | sel-2241_rtac_module_firmware | * | |
| selinc | sel-2241_rtac_module | - | |
| selinc | sel-3350_firmware | * | |
| selinc | sel-3350 | - | |
| selinc | sel-3505_firmware | * | |
| selinc | sel-3505 | - | |
| selinc | sel-3505-3_firmware | * | |
| selinc | sel-3505-3 | - | |
| selinc | sel-3530_firmware | * | |
| selinc | sel-3530 | - | |
| selinc | sel-3530-4_firmware | * | |
| selinc | sel-3530-4 | - | |
| selinc | sel-3532_firmware | * | |
| selinc | sel-3532 | - | |
| selinc | sel-3555_firmware | * | |
| selinc | sel-3555 | - | |
| selinc | sel-3560e_firmware | * | |
| selinc | sel-3560e | - | |
| selinc | sel-3560s_firmware | * | |
| selinc | sel-3560s | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-2241_rtac_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB329AB0-9D1C-4D59-B8BE-D04DF89B9CB6",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r147-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-2241_rtac_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4A1AB9-1190-4620-BF97-4A5569E74310",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "490EC90A-C8C4-4AEA-90E8-DA1C6D11932C",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r148-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA7F410-7F74-4EF1-913E-7B34674716DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20A834EB-DE61-4C04-A2D9-E1650E774DB2",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r147-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14D78E73-46F2-4D00-A75B-909752E36EB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01FAF35B-5F98-4C36-B4F9-0C86FD4320CA",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r147-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A479C2B-F691-4E04-B551-9F631E5A2A0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6226FB3D-260D-4F8B-B7D3-B9EA50D80855",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r147-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E56BC08-9C49-4614-8F52-3413B804A128",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC6D5138-45BB-4297-AAC6-78236C0A1487",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r147-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB424E1B-2AE3-449E-9AA1-2AF48C1920FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3532_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E536C912-E3A2-4344-9162-7E00F8C4298D",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r147-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3532:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E573857F-C6DC-4E59-8F5B-4C51ED4D69DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3555_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0646EA5-FC40-4601-8958-47F0255EDA9F",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r147-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3555:-:*:*:*:*:*:*:*",
"matchCriteriaId": "282F6DB1-4B0F-424F-B5E4-0827F1E7EE6F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "052FF575-FDDE-4C78-97C5-97D1712F8785",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r147-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3EB8694-DC56-4E35-9659-B2787F872E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15CCDC18-5789-4B05-8944-9C87B1F58DEC",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r147-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D2A4A4-B81E-4034-863D-900D95166543",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Certificate Validation vulnerability \n\nin the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface\n\ncould allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack.\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n"
}
],
"id": "CVE-2023-31151",
"lastModified": "2024-11-21T08:01:30.033",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 2.7,
"source": "security@selinc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-10T20:15:10.147",
"references": [
{
"source": "security@selinc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "security@selinc.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"sourceIdentifier": "security@selinc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "security@selinc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-31159
Vulnerability from fkie_nvd - Published: 2023-05-10 20:15 - Updated: 2024-11-21 08:01
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
References
| URL | Tags | ||
|---|---|---|---|
| security@selinc.com | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| security@selinc.com | https://www.nozominetworks.com/blog/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.nozominetworks.com/blog/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| selinc | sel-2241_rtac_module_firmware | * | |
| selinc | sel-2241_rtac_module | - | |
| selinc | sel-3350_firmware | * | |
| selinc | sel-3350 | - | |
| selinc | sel-3505_firmware | * | |
| selinc | sel-3505 | - | |
| selinc | sel-3505-3_firmware | * | |
| selinc | sel-3505-3 | - | |
| selinc | sel-3530_firmware | * | |
| selinc | sel-3530 | - | |
| selinc | sel-3530-4_firmware | * | |
| selinc | sel-3530-4 | - | |
| selinc | sel-3532_firmware | * | |
| selinc | sel-3532 | - | |
| selinc | sel-3555_firmware | * | |
| selinc | sel-3555 | - | |
| selinc | sel-3560e_firmware | * | |
| selinc | sel-3560e | - | |
| selinc | sel-3560s_firmware | * | |
| selinc | sel-3560s | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-2241_rtac_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92EC2190-5E06-429E-A06A-76571E7ED430",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r113-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-2241_rtac_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4A1AB9-1190-4620-BF97-4A5569E74310",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "490EC90A-C8C4-4AEA-90E8-DA1C6D11932C",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r148-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA7F410-7F74-4EF1-913E-7B34674716DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2161BCBC-6892-47E6-9A9F-0A82F0AA6A92",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r119-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14D78E73-46F2-4D00-A75B-909752E36EB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39E788ED-56DC-455E-B907-9DA7ED359CB9",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A479C2B-F691-4E04-B551-9F631E5A2A0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A438B8C-AD18-47F5-94BF-2484D778EA75",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r100-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E56BC08-9C49-4614-8F52-3413B804A128",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C48D1C36-0F34-4A95-88E2-B69DE8803AF7",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r108-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB424E1B-2AE3-449E-9AA1-2AF48C1920FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3532_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9982B6A-2CED-4EF4-946D-E4B8A8CE3935",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3532:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E573857F-C6DC-4E59-8F5B-4C51ED4D69DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3555_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9333068D-CE59-4644-879F-A1B29D07C26B",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r134-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3555:-:*:*:*:*:*:*:*",
"matchCriteriaId": "282F6DB1-4B0F-424F-B5E4-0827F1E7EE6F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF86940-89E4-4D3C-B51D-CF189B8B20A3",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3EB8694-DC56-4E35-9659-B2787F872E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28EAFD3D-1697-42BA-941E-2970A1177302",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D2A4A4-B81E-4034-863D-900D95166543",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"id": "CVE-2023-31159",
"lastModified": "2024-11-21T08:01:31.387",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "security@selinc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-10T20:15:10.910",
"references": [
{
"source": "security@selinc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "security@selinc.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"sourceIdentifier": "security@selinc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@selinc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-31152
Vulnerability from fkie_nvd - Published: 2023-05-10 20:15 - Updated: 2024-11-21 08:01
Severity ?
4.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication Bypass.
See SEL Service Bulletin dated 2022-11-15 for more details.
References
| URL | Tags | ||
|---|---|---|---|
| security@selinc.com | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| security@selinc.com | https://www.nozominetworks.com/blog/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.nozominetworks.com/blog/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| selinc | sel-2241_rtac_module_firmware | * | |
| selinc | sel-2241_rtac_module | - | |
| selinc | sel-3350_firmware | * | |
| selinc | sel-3350 | - | |
| selinc | sel-3505_firmware | * | |
| selinc | sel-3505 | - | |
| selinc | sel-3505-3_firmware | * | |
| selinc | sel-3505-3 | - | |
| selinc | sel-3530_firmware | * | |
| selinc | sel-3530 | - | |
| selinc | sel-3530-4_firmware | * | |
| selinc | sel-3530-4 | - | |
| selinc | sel-3532_firmware | * | |
| selinc | sel-3532 | - | |
| selinc | sel-3555_firmware | * | |
| selinc | sel-3555 | - | |
| selinc | sel-3560e_firmware | * | |
| selinc | sel-3560e | - | |
| selinc | sel-3560s_firmware | * | |
| selinc | sel-3560s | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-2241_rtac_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB329AB0-9D1C-4D59-B8BE-D04DF89B9CB6",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r147-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-2241_rtac_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4A1AB9-1190-4620-BF97-4A5569E74310",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "490EC90A-C8C4-4AEA-90E8-DA1C6D11932C",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r148-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA7F410-7F74-4EF1-913E-7B34674716DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20A834EB-DE61-4C04-A2D9-E1650E774DB2",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r147-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14D78E73-46F2-4D00-A75B-909752E36EB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01FAF35B-5F98-4C36-B4F9-0C86FD4320CA",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r147-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A479C2B-F691-4E04-B551-9F631E5A2A0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6226FB3D-260D-4F8B-B7D3-B9EA50D80855",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r147-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E56BC08-9C49-4614-8F52-3413B804A128",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC6D5138-45BB-4297-AAC6-78236C0A1487",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r147-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB424E1B-2AE3-449E-9AA1-2AF48C1920FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3532_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E536C912-E3A2-4344-9162-7E00F8C4298D",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r147-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3532:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E573857F-C6DC-4E59-8F5B-4C51ED4D69DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3555_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0646EA5-FC40-4601-8958-47F0255EDA9F",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r147-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3555:-:*:*:*:*:*:*:*",
"matchCriteriaId": "282F6DB1-4B0F-424F-B5E4-0827F1E7EE6F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "052FF575-FDDE-4C78-97C5-97D1712F8785",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r147-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3EB8694-DC56-4E35-9659-B2787F872E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15CCDC18-5789-4B05-8944-9C87B1F58DEC",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r147-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D2A4A4-B81E-4034-863D-900D95166543",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication Bypass. \nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n"
}
],
"id": "CVE-2023-31152",
"lastModified": "2024-11-21T08:01:30.203",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 2.7,
"source": "security@selinc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-10T20:15:10.247",
"references": [
{
"source": "security@selinc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "security@selinc.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"sourceIdentifier": "security@selinc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-288"
}
],
"source": "security@selinc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-31157
Vulnerability from fkie_nvd - Published: 2023-05-10 20:15 - Updated: 2024-11-21 08:01
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
References
| URL | Tags | ||
|---|---|---|---|
| security@selinc.com | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| security@selinc.com | https://www.nozominetworks.com/blog/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.nozominetworks.com/blog/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| selinc | sel-2241_rtac_module_firmware | * | |
| selinc | sel-2241_rtac_module | - | |
| selinc | sel-3350_firmware | * | |
| selinc | sel-3350 | - | |
| selinc | sel-3505_firmware | * | |
| selinc | sel-3505 | - | |
| selinc | sel-3505-3_firmware | * | |
| selinc | sel-3505-3 | - | |
| selinc | sel-3530_firmware | * | |
| selinc | sel-3530 | - | |
| selinc | sel-3530-4_firmware | * | |
| selinc | sel-3530-4 | - | |
| selinc | sel-3532_firmware | * | |
| selinc | sel-3532 | - | |
| selinc | sel-3555_firmware | * | |
| selinc | sel-3555 | - | |
| selinc | sel-3560e_firmware | * | |
| selinc | sel-3560e | - | |
| selinc | sel-3560s_firmware | * | |
| selinc | sel-3560s | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-2241_rtac_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D2D202A-9B85-4BA0-8FE4-A6F71F369E8D",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-2241_rtac_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4A1AB9-1190-4620-BF97-4A5569E74310",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "490EC90A-C8C4-4AEA-90E8-DA1C6D11932C",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r148-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA7F410-7F74-4EF1-913E-7B34674716DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65D15943-DDAB-446D-9179-CEEEF7EDA5BA",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14D78E73-46F2-4D00-A75B-909752E36EB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39E788ED-56DC-455E-B907-9DA7ED359CB9",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A479C2B-F691-4E04-B551-9F631E5A2A0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4821D90-2614-48D3-AFFC-B65C94E8968C",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E56BC08-9C49-4614-8F52-3413B804A128",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6F4CFF-173F-4B68-8296-6F3713F98460",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB424E1B-2AE3-449E-9AA1-2AF48C1920FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3532_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9982B6A-2CED-4EF4-946D-E4B8A8CE3935",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3532:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E573857F-C6DC-4E59-8F5B-4C51ED4D69DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3555_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9333068D-CE59-4644-879F-A1B29D07C26B",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r134-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3555:-:*:*:*:*:*:*:*",
"matchCriteriaId": "282F6DB1-4B0F-424F-B5E4-0827F1E7EE6F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF86940-89E4-4D3C-B51D-CF189B8B20A3",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3EB8694-DC56-4E35-9659-B2787F872E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28EAFD3D-1697-42BA-941E-2970A1177302",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D2A4A4-B81E-4034-863D-900D95166543",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"id": "CVE-2023-31157",
"lastModified": "2024-11-21T08:01:31.047",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "security@selinc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-10T20:15:10.730",
"references": [
{
"source": "security@selinc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "security@selinc.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"sourceIdentifier": "security@selinc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@selinc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-31150
Vulnerability from fkie_nvd - Published: 2023-05-10 20:15 - Updated: 2024-11-21 08:01
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker to retrieve passwords.
See SEL Service Bulletin dated 2022-11-15 for more details.
References
| URL | Tags | ||
|---|---|---|---|
| security@selinc.com | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| security@selinc.com | https://www.nozominetworks.com/blog/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.nozominetworks.com/blog/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| selinc | sel-2241_rtac_module_firmware | * | |
| selinc | sel-2241_rtac_module | - | |
| selinc | sel-3350_firmware | * | |
| selinc | sel-3350 | - | |
| selinc | sel-3505_firmware | * | |
| selinc | sel-3505 | - | |
| selinc | sel-3505-3_firmware | * | |
| selinc | sel-3505-3 | - | |
| selinc | sel-3530_firmware | * | |
| selinc | sel-3530 | - | |
| selinc | sel-3530-4_firmware | * | |
| selinc | sel-3530-4 | - | |
| selinc | sel-3532_firmware | * | |
| selinc | sel-3532 | - | |
| selinc | sel-3555_firmware | * | |
| selinc | sel-3555 | - | |
| selinc | sel-3560e_firmware | * | |
| selinc | sel-3560e | - | |
| selinc | sel-3560s_firmware | * | |
| selinc | sel-3560s | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-2241_rtac_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E029562-CEA0-4948-8B40-1E98FB4F282B",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r122-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-2241_rtac_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4A1AB9-1190-4620-BF97-4A5569E74310",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "490EC90A-C8C4-4AEA-90E8-DA1C6D11932C",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r148-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA7F410-7F74-4EF1-913E-7B34674716DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "433C444E-CE55-41D8-B1B7-85D2AA98BEFA",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r122-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14D78E73-46F2-4D00-A75B-909752E36EB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39E788ED-56DC-455E-B907-9DA7ED359CB9",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A479C2B-F691-4E04-B551-9F631E5A2A0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBA63C3C-3FF2-4168-9C75-87B3D61975E8",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r122-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E56BC08-9C49-4614-8F52-3413B804A128",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F76BC73-5411-48B5-BF0D-E8D64CB21F3B",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r122-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB424E1B-2AE3-449E-9AA1-2AF48C1920FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3532_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9982B6A-2CED-4EF4-946D-E4B8A8CE3935",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3532:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E573857F-C6DC-4E59-8F5B-4C51ED4D69DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3555_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9333068D-CE59-4644-879F-A1B29D07C26B",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r134-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3555:-:*:*:*:*:*:*:*",
"matchCriteriaId": "282F6DB1-4B0F-424F-B5E4-0827F1E7EE6F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF86940-89E4-4D3C-B51D-CF189B8B20A3",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3EB8694-DC56-4E35-9659-B2787F872E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28EAFD3D-1697-42BA-941E-2970A1177302",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D2A4A4-B81E-4034-863D-900D95166543",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nA Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker to retrieve passwords.\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"id": "CVE-2023-31150",
"lastModified": "2024-11-21T08:01:29.877",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0,
"source": "security@selinc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-10T20:15:10.043",
"references": [
{
"source": "security@selinc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "security@selinc.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"sourceIdentifier": "security@selinc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-257"
}
],
"source": "security@selinc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-922"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-31156
Vulnerability from fkie_nvd - Published: 2023-05-10 20:15 - Updated: 2024-11-21 08:01
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
References
| URL | Tags | ||
|---|---|---|---|
| security@selinc.com | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| security@selinc.com | https://www.nozominetworks.com/blog/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.nozominetworks.com/blog/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| selinc | sel-2241_rtac_module_firmware | * | |
| selinc | sel-2241_rtac_module | - | |
| selinc | sel-3350_firmware | * | |
| selinc | sel-3350 | - | |
| selinc | sel-3505_firmware | * | |
| selinc | sel-3505 | - | |
| selinc | sel-3505-3_firmware | * | |
| selinc | sel-3505-3 | - | |
| selinc | sel-3530_firmware | * | |
| selinc | sel-3530 | - | |
| selinc | sel-3530-4_firmware | * | |
| selinc | sel-3530-4 | - | |
| selinc | sel-3532_firmware | * | |
| selinc | sel-3532 | - | |
| selinc | sel-3555_firmware | * | |
| selinc | sel-3555 | - | |
| selinc | sel-3560e_firmware | * | |
| selinc | sel-3560e | - | |
| selinc | sel-3560s_firmware | * | |
| selinc | sel-3560s | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-2241_rtac_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D2D202A-9B85-4BA0-8FE4-A6F71F369E8D",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-2241_rtac_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4A1AB9-1190-4620-BF97-4A5569E74310",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "490EC90A-C8C4-4AEA-90E8-DA1C6D11932C",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r148-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA7F410-7F74-4EF1-913E-7B34674716DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65D15943-DDAB-446D-9179-CEEEF7EDA5BA",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14D78E73-46F2-4D00-A75B-909752E36EB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39E788ED-56DC-455E-B907-9DA7ED359CB9",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A479C2B-F691-4E04-B551-9F631E5A2A0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4821D90-2614-48D3-AFFC-B65C94E8968C",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E56BC08-9C49-4614-8F52-3413B804A128",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6F4CFF-173F-4B68-8296-6F3713F98460",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB424E1B-2AE3-449E-9AA1-2AF48C1920FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3532_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9982B6A-2CED-4EF4-946D-E4B8A8CE3935",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3532:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E573857F-C6DC-4E59-8F5B-4C51ED4D69DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3555_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9333068D-CE59-4644-879F-A1B29D07C26B",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r134-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3555:-:*:*:*:*:*:*:*",
"matchCriteriaId": "282F6DB1-4B0F-424F-B5E4-0827F1E7EE6F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF86940-89E4-4D3C-B51D-CF189B8B20A3",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3EB8694-DC56-4E35-9659-B2787F872E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28EAFD3D-1697-42BA-941E-2970A1177302",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D2A4A4-B81E-4034-863D-900D95166543",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"id": "CVE-2023-31156",
"lastModified": "2024-11-21T08:01:30.890",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "security@selinc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-10T20:15:10.633",
"references": [
{
"source": "security@selinc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "security@selinc.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"sourceIdentifier": "security@selinc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@selinc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-31158
Vulnerability from fkie_nvd - Published: 2023-05-10 20:15 - Updated: 2024-11-21 08:01
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
References
| URL | Tags | ||
|---|---|---|---|
| security@selinc.com | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| security@selinc.com | https://www.nozominetworks.com/blog/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.nozominetworks.com/blog/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| selinc | sel-2241_rtac_module_firmware | * | |
| selinc | sel-2241_rtac_module | - | |
| selinc | sel-3350_firmware | * | |
| selinc | sel-3350 | - | |
| selinc | sel-3505_firmware | * | |
| selinc | sel-3505 | - | |
| selinc | sel-3505-3_firmware | * | |
| selinc | sel-3505-3 | - | |
| selinc | sel-3530_firmware | * | |
| selinc | sel-3530 | - | |
| selinc | sel-3530-4_firmware | * | |
| selinc | sel-3530-4 | - | |
| selinc | sel-3532_firmware | * | |
| selinc | sel-3532 | - | |
| selinc | sel-3555_firmware | * | |
| selinc | sel-3555 | - | |
| selinc | sel-3560e_firmware | * | |
| selinc | sel-3560e | - | |
| selinc | sel-3560s_firmware | * | |
| selinc | sel-3560s | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-2241_rtac_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D2D202A-9B85-4BA0-8FE4-A6F71F369E8D",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-2241_rtac_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4A1AB9-1190-4620-BF97-4A5569E74310",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "490EC90A-C8C4-4AEA-90E8-DA1C6D11932C",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r148-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA7F410-7F74-4EF1-913E-7B34674716DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65D15943-DDAB-446D-9179-CEEEF7EDA5BA",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14D78E73-46F2-4D00-A75B-909752E36EB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39E788ED-56DC-455E-B907-9DA7ED359CB9",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A479C2B-F691-4E04-B551-9F631E5A2A0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4821D90-2614-48D3-AFFC-B65C94E8968C",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E56BC08-9C49-4614-8F52-3413B804A128",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6F4CFF-173F-4B68-8296-6F3713F98460",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB424E1B-2AE3-449E-9AA1-2AF48C1920FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3532_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9982B6A-2CED-4EF4-946D-E4B8A8CE3935",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3532:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E573857F-C6DC-4E59-8F5B-4C51ED4D69DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3555_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9333068D-CE59-4644-879F-A1B29D07C26B",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r134-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3555:-:*:*:*:*:*:*:*",
"matchCriteriaId": "282F6DB1-4B0F-424F-B5E4-0827F1E7EE6F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF86940-89E4-4D3C-B51D-CF189B8B20A3",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3EB8694-DC56-4E35-9659-B2787F872E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28EAFD3D-1697-42BA-941E-2970A1177302",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D2A4A4-B81E-4034-863D-900D95166543",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"id": "CVE-2023-31158",
"lastModified": "2024-11-21T08:01:31.220",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "security@selinc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-10T20:15:10.823",
"references": [
{
"source": "security@selinc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "security@selinc.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"sourceIdentifier": "security@selinc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@selinc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-2310
Vulnerability from fkie_nvd - Published: 2023-05-10 20:15 - Updated: 2024-11-21 07:58
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (MiTM) that could result in denial of service.
See the ACSELERATOR RTAC SEL-5033 Software instruction manual date code 20210915 for more details.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| selinc | sel-2241_rtac_module_firmware | * | |
| selinc | sel-2241_rtac_module | - | |
| selinc | sel-3350_firmware | * | |
| selinc | sel-3350 | - | |
| selinc | sel-3505_firmware | * | |
| selinc | sel-3505 | - | |
| selinc | sel-3505-3_firmware | * | |
| selinc | sel-3505-3 | - | |
| selinc | sel-3530_firmware | * | |
| selinc | sel-3530 | - | |
| selinc | sel-3530-4_firmware | * | |
| selinc | sel-3530-4 | - | |
| selinc | sel-3532_firmware | * | |
| selinc | sel-3532 | - | |
| selinc | sel-3555_firmware | * | |
| selinc | sel-3555 | - | |
| selinc | sel-3560e_firmware | * | |
| selinc | sel-3560e | - | |
| selinc | sel-3560s_firmware | * | |
| selinc | sel-3560s | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-2241_rtac_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92EC2190-5E06-429E-A06A-76571E7ED430",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r113-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-2241_rtac_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4A1AB9-1190-4620-BF97-4A5569E74310",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "490EC90A-C8C4-4AEA-90E8-DA1C6D11932C",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r148-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA7F410-7F74-4EF1-913E-7B34674716DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2161BCBC-6892-47E6-9A9F-0A82F0AA6A92",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r119-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14D78E73-46F2-4D00-A75B-909752E36EB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39E788ED-56DC-455E-B907-9DA7ED359CB9",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A479C2B-F691-4E04-B551-9F631E5A2A0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A438B8C-AD18-47F5-94BF-2484D778EA75",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r100-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E56BC08-9C49-4614-8F52-3413B804A128",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C48D1C36-0F34-4A95-88E2-B69DE8803AF7",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r108-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB424E1B-2AE3-449E-9AA1-2AF48C1920FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3532_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9982B6A-2CED-4EF4-946D-E4B8A8CE3935",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3532:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E573857F-C6DC-4E59-8F5B-4C51ED4D69DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3555_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9333068D-CE59-4644-879F-A1B29D07C26B",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r134-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3555:-:*:*:*:*:*:*:*",
"matchCriteriaId": "282F6DB1-4B0F-424F-B5E4-0827F1E7EE6F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF86940-89E4-4D3C-B51D-CF189B8B20A3",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3EB8694-DC56-4E35-9659-B2787F872E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28EAFD3D-1697-42BA-941E-2970A1177302",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D2A4A4-B81E-4034-863D-900D95166543",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (MiTM) that could result in denial of service.\n\nSee the ACSELERATOR RTAC SEL-5033 Software instruction manual date code 20210915 for more details."
}
],
"id": "CVE-2023-2310",
"lastModified": "2024-11-21T07:58:21.540",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2,
"source": "security@selinc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-10T20:15:09.637",
"references": [
{
"source": "security@selinc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
}
],
"sourceIdentifier": "security@selinc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-300"
}
],
"source": "security@selinc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-31148
Vulnerability from fkie_nvd - Published: 2023-05-10 20:15 - Updated: 2024-11-21 08:01
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An Improper Input Validation vulnerability
in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code.
See SEL Service Bulletin dated 2022-11-15 for more details.
References
| URL | Tags | ||
|---|---|---|---|
| security@selinc.com | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| security@selinc.com | https://www.nozominetworks.com/blog/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.nozominetworks.com/blog/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| selinc | sel-2241_rtac_module_firmware | * | |
| selinc | sel-2241_rtac_module | - | |
| selinc | sel-3350_firmware | * | |
| selinc | sel-3350 | - | |
| selinc | sel-3505_firmware | * | |
| selinc | sel-3505 | - | |
| selinc | sel-3505-3_firmware | * | |
| selinc | sel-3505-3 | - | |
| selinc | sel-3530_firmware | * | |
| selinc | sel-3530 | - | |
| selinc | sel-3530-4_firmware | * | |
| selinc | sel-3530-4 | - | |
| selinc | sel-3532_firmware | * | |
| selinc | sel-3532 | - | |
| selinc | sel-3555_firmware | * | |
| selinc | sel-3555 | - | |
| selinc | sel-3560e_firmware | * | |
| selinc | sel-3560e | - | |
| selinc | sel-3560s_firmware | * | |
| selinc | sel-3560s | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-2241_rtac_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D2D202A-9B85-4BA0-8FE4-A6F71F369E8D",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-2241_rtac_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4A1AB9-1190-4620-BF97-4A5569E74310",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "490EC90A-C8C4-4AEA-90E8-DA1C6D11932C",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r148-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA7F410-7F74-4EF1-913E-7B34674716DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65D15943-DDAB-446D-9179-CEEEF7EDA5BA",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14D78E73-46F2-4D00-A75B-909752E36EB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39E788ED-56DC-455E-B907-9DA7ED359CB9",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A479C2B-F691-4E04-B551-9F631E5A2A0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4821D90-2614-48D3-AFFC-B65C94E8968C",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E56BC08-9C49-4614-8F52-3413B804A128",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6F4CFF-173F-4B68-8296-6F3713F98460",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB424E1B-2AE3-449E-9AA1-2AF48C1920FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3532_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9982B6A-2CED-4EF4-946D-E4B8A8CE3935",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3532:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E573857F-C6DC-4E59-8F5B-4C51ED4D69DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3555_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9333068D-CE59-4644-879F-A1B29D07C26B",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r134-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3555:-:*:*:*:*:*:*:*",
"matchCriteriaId": "282F6DB1-4B0F-424F-B5E4-0827F1E7EE6F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF86940-89E4-4D3C-B51D-CF189B8B20A3",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3EB8694-DC56-4E35-9659-B2787F872E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28EAFD3D-1697-42BA-941E-2970A1177302",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D2A4A4-B81E-4034-863D-900D95166543",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Input Validation vulnerability \n\nin the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code.\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"id": "CVE-2023-31148",
"lastModified": "2024-11-21T08:01:29.547",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "security@selinc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-10T20:15:09.847",
"references": [
{
"source": "security@selinc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "security@selinc.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"sourceIdentifier": "security@selinc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security@selinc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-31149
Vulnerability from fkie_nvd - Published: 2023-05-10 20:15 - Updated: 2024-11-21 08:01
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An Improper Input Validation vulnerability
in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code.
See SEL Service Bulletin dated 2022-11-15 for more details.
References
| URL | Tags | ||
|---|---|---|---|
| security@selinc.com | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| security@selinc.com | https://www.nozominetworks.com/blog/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.nozominetworks.com/blog/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| selinc | sel-2241_rtac_module_firmware | * | |
| selinc | sel-2241_rtac_module | - | |
| selinc | sel-3350_firmware | * | |
| selinc | sel-3350 | - | |
| selinc | sel-3505_firmware | * | |
| selinc | sel-3505 | - | |
| selinc | sel-3505-3_firmware | * | |
| selinc | sel-3505-3 | - | |
| selinc | sel-3530_firmware | * | |
| selinc | sel-3530 | - | |
| selinc | sel-3530-4_firmware | * | |
| selinc | sel-3530-4 | - | |
| selinc | sel-3532_firmware | * | |
| selinc | sel-3532 | - | |
| selinc | sel-3555_firmware | * | |
| selinc | sel-3555 | - | |
| selinc | sel-3560e_firmware | * | |
| selinc | sel-3560e | - | |
| selinc | sel-3560s_firmware | * | |
| selinc | sel-3560s | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-2241_rtac_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D2D202A-9B85-4BA0-8FE4-A6F71F369E8D",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-2241_rtac_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4A1AB9-1190-4620-BF97-4A5569E74310",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "490EC90A-C8C4-4AEA-90E8-DA1C6D11932C",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r148-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA7F410-7F74-4EF1-913E-7B34674716DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65D15943-DDAB-446D-9179-CEEEF7EDA5BA",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14D78E73-46F2-4D00-A75B-909752E36EB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39E788ED-56DC-455E-B907-9DA7ED359CB9",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A479C2B-F691-4E04-B551-9F631E5A2A0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4821D90-2614-48D3-AFFC-B65C94E8968C",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E56BC08-9C49-4614-8F52-3413B804A128",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6F4CFF-173F-4B68-8296-6F3713F98460",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB424E1B-2AE3-449E-9AA1-2AF48C1920FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3532_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9982B6A-2CED-4EF4-946D-E4B8A8CE3935",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3532:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E573857F-C6DC-4E59-8F5B-4C51ED4D69DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3555_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9333068D-CE59-4644-879F-A1B29D07C26B",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r134-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3555:-:*:*:*:*:*:*:*",
"matchCriteriaId": "282F6DB1-4B0F-424F-B5E4-0827F1E7EE6F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF86940-89E4-4D3C-B51D-CF189B8B20A3",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3EB8694-DC56-4E35-9659-B2787F872E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28EAFD3D-1697-42BA-941E-2970A1177302",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D2A4A4-B81E-4034-863D-900D95166543",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Input Validation vulnerability \n\nin the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code.\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n"
}
],
"id": "CVE-2023-31149",
"lastModified": "2024-11-21T08:01:29.710",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "security@selinc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-10T20:15:09.947",
"references": [
{
"source": "security@selinc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "security@selinc.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"sourceIdentifier": "security@selinc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security@selinc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-31166 (GCVE-0-2023-31166)
Vulnerability from cvelistv5 – Published: 2023-05-10 19:25 – Updated: 2025-01-24 19:28
VLAI?
Title
Improper Limitation of a Pathname to a Restricted Directory
Summary
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.1 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R126-V0 , < R150-V2
(custom)
Affected: R126-V0 , < R149-V4 (custom) Affected: R126-V0 , < R148-V7 (custom) Affected: R126-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31166",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:28:10.395795Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:28:19.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system.\u003cbr\u003e\u003cbr\u003eSee SEL Service Bulletin dated 2022-11-15 for more details."
}
],
"value": "An Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system.\n\nSee SEL Service Bulletin dated 2022-11-15 for more details."
}
],
"impacts": [
{
"capecId": "CAPEC-643",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-643 Identify Shared Files/Directories on System"
}
]
},
{
"capecId": "CAPEC-176",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-176 Configuration/Environment Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:25:59.606Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Limitation of a Pathname to a Restricted Directory",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31166",
"datePublished": "2023-05-10T19:25:59.606Z",
"dateReserved": "2023-04-24T23:19:33.137Z",
"dateUpdated": "2025-01-24T19:28:19.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31165 (GCVE-0-2023-31165)
Vulnerability from cvelistv5 – Published: 2023-05-10 19:25 – Updated: 2025-01-24 19:27
VLAI?
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R119-V0 , < R150-V2
(custom)
Affected: R119-V0 , < R149-V4 (custom) Affected: R119-V0 , < R148-V7 (custom) Affected: R119-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31165",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:27:51.348037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:27:55.295Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:25:34.186Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31165",
"datePublished": "2023-05-10T19:25:34.186Z",
"dateReserved": "2023-04-24T23:19:33.137Z",
"dateUpdated": "2025-01-24T19:27:55.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31164 (GCVE-0-2023-31164)
Vulnerability from cvelistv5 – Published: 2023-05-10 19:25 – Updated: 2025-01-24 19:27
VLAI?
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R119-V0 , < R150-V2
(custom)
Affected: R119-V0 , < R149-V4 (custom) Affected: R119-V0 , < R148-V7 (custom) Affected: R119-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.764Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31164",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:27:36.186170Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:27:38.573Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:25:16.534Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31164",
"datePublished": "2023-05-10T19:25:16.534Z",
"dateReserved": "2023-04-24T23:19:33.137Z",
"dateUpdated": "2025-01-24T19:27:38.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31163 (GCVE-0-2023-31163)
Vulnerability from cvelistv5 – Published: 2023-05-10 19:24 – Updated: 2025-01-24 19:27
VLAI?
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R119-V0 , < R150-V2
(custom)
Affected: R119-V0 , < R149-V4 (custom) Affected: R119-V0 , < R148-V7 (custom) Affected: R119-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.738Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31163",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:27:10.625855Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:27:13.760Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:24:45.965Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31163",
"datePublished": "2023-05-10T19:24:45.965Z",
"dateReserved": "2023-04-24T23:19:33.136Z",
"dateUpdated": "2025-01-24T19:27:13.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31162 (GCVE-0-2023-31162)
Vulnerability from cvelistv5 – Published: 2023-05-10 19:24 – Updated: 2025-01-24 19:26
VLAI?
Title
Improper Input Validation in Web Interface
Summary
An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.8 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R149-V0 , < R150-V2
(custom)
Affected: R149-V0 , < R149-V4 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31162",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:26:51.589571Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:26:55.712Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file.\u003cbr\u003e\u003cbr\u003eSee SEL Service Bulletin dated 2022-11-15 for more details."
}
],
"value": "An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file.\n\nSee SEL Service Bulletin dated 2022-11-15 for more details."
}
],
"impacts": [
{
"capecId": "CAPEC-176",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-176 Configuration/Environment Manipulation"
}
]
},
{
"capecId": "CAPEC-275",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-275 DNS Rebinding"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:24:20.480Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Input Validation in Web Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31162",
"datePublished": "2023-05-10T19:24:20.480Z",
"dateReserved": "2023-04-24T23:19:33.136Z",
"dateUpdated": "2025-01-24T19:26:55.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31160 (GCVE-0-2023-31160)
Vulnerability from cvelistv5 – Published: 2023-05-10 19:23 – Updated: 2025-01-24 19:19
VLAI?
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R132-V0 , < R150-V2
(custom)
Affected: R132-V0 , < R149-V4 (custom) Affected: R132-V0 , < R148-V7 (custom) Affected: R132-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:19:22.925031Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:19:25.906Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:23:43.200Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31160",
"datePublished": "2023-05-10T19:23:43.200Z",
"dateReserved": "2023-04-24T23:19:33.136Z",
"dateUpdated": "2025-01-24T19:19:25.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31166 (GCVE-0-2023-31166)
Vulnerability from nvd – Published: 2023-05-10 19:25 – Updated: 2025-01-24 19:28
VLAI?
Title
Improper Limitation of a Pathname to a Restricted Directory
Summary
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.1 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R126-V0 , < R150-V2
(custom)
Affected: R126-V0 , < R149-V4 (custom) Affected: R126-V0 , < R148-V7 (custom) Affected: R126-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31166",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:28:10.395795Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:28:19.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system.\u003cbr\u003e\u003cbr\u003eSee SEL Service Bulletin dated 2022-11-15 for more details."
}
],
"value": "An Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system.\n\nSee SEL Service Bulletin dated 2022-11-15 for more details."
}
],
"impacts": [
{
"capecId": "CAPEC-643",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-643 Identify Shared Files/Directories on System"
}
]
},
{
"capecId": "CAPEC-176",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-176 Configuration/Environment Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:25:59.606Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Limitation of a Pathname to a Restricted Directory",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31166",
"datePublished": "2023-05-10T19:25:59.606Z",
"dateReserved": "2023-04-24T23:19:33.137Z",
"dateUpdated": "2025-01-24T19:28:19.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31165 (GCVE-0-2023-31165)
Vulnerability from nvd – Published: 2023-05-10 19:25 – Updated: 2025-01-24 19:27
VLAI?
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R119-V0 , < R150-V2
(custom)
Affected: R119-V0 , < R149-V4 (custom) Affected: R119-V0 , < R148-V7 (custom) Affected: R119-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31165",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:27:51.348037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:27:55.295Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:25:34.186Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31165",
"datePublished": "2023-05-10T19:25:34.186Z",
"dateReserved": "2023-04-24T23:19:33.137Z",
"dateUpdated": "2025-01-24T19:27:55.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31164 (GCVE-0-2023-31164)
Vulnerability from nvd – Published: 2023-05-10 19:25 – Updated: 2025-01-24 19:27
VLAI?
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R119-V0 , < R150-V2
(custom)
Affected: R119-V0 , < R149-V4 (custom) Affected: R119-V0 , < R148-V7 (custom) Affected: R119-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.764Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31164",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:27:36.186170Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:27:38.573Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:25:16.534Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31164",
"datePublished": "2023-05-10T19:25:16.534Z",
"dateReserved": "2023-04-24T23:19:33.137Z",
"dateUpdated": "2025-01-24T19:27:38.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31163 (GCVE-0-2023-31163)
Vulnerability from nvd – Published: 2023-05-10 19:24 – Updated: 2025-01-24 19:27
VLAI?
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R119-V0 , < R150-V2
(custom)
Affected: R119-V0 , < R149-V4 (custom) Affected: R119-V0 , < R148-V7 (custom) Affected: R119-V0 , < R147-V6 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.738Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31163",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:27:10.625855Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:27:13.760Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:24:45.965Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31163",
"datePublished": "2023-05-10T19:24:45.965Z",
"dateReserved": "2023-04-24T23:19:33.136Z",
"dateUpdated": "2025-01-24T19:27:13.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31162 (GCVE-0-2023-31162)
Vulnerability from nvd – Published: 2023-05-10 19:24 – Updated: 2025-01-24 19:26
VLAI?
Title
Improper Input Validation in Web Interface
Summary
An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.8 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R149-V0 , < R150-V2
(custom)
Affected: R149-V0 , < R149-V4 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Andrea Palanca, Nozomi Networks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31162",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:26:51.589571Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:26:55.712Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file.\u003cbr\u003e\u003cbr\u003eSee SEL Service Bulletin dated 2022-11-15 for more details."
}
],
"value": "An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file.\n\nSee SEL Service Bulletin dated 2022-11-15 for more details."
}
],
"impacts": [
{
"capecId": "CAPEC-176",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-176 Configuration/Environment Manipulation"
}
]
},
{
"capecId": "CAPEC-275",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-275 DNS Rebinding"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:24:20.480Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Input Validation in Web Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31162",
"datePublished": "2023-05-10T19:24:20.480Z",
"dateReserved": "2023-04-24T23:19:33.136Z",
"dateUpdated": "2025-01-24T19:26:55.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}