FKIE_CVE-2023-2310
Vulnerability from fkie_nvd - Published: 2023-05-10 20:15 - Updated: 2024-11-21 07:58
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (MiTM) that could result in denial of service.
See the ACSELERATOR RTAC SEL-5033 Software instruction manual date code 20210915 for more details.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| selinc | sel-2241_rtac_module_firmware | * | |
| selinc | sel-2241_rtac_module | - | |
| selinc | sel-3350_firmware | * | |
| selinc | sel-3350 | - | |
| selinc | sel-3505_firmware | * | |
| selinc | sel-3505 | - | |
| selinc | sel-3505-3_firmware | * | |
| selinc | sel-3505-3 | - | |
| selinc | sel-3530_firmware | * | |
| selinc | sel-3530 | - | |
| selinc | sel-3530-4_firmware | * | |
| selinc | sel-3530-4 | - | |
| selinc | sel-3532_firmware | * | |
| selinc | sel-3532 | - | |
| selinc | sel-3555_firmware | * | |
| selinc | sel-3555 | - | |
| selinc | sel-3560e_firmware | * | |
| selinc | sel-3560e | - | |
| selinc | sel-3560s_firmware | * | |
| selinc | sel-3560s | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-2241_rtac_module_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92EC2190-5E06-429E-A06A-76571E7ED430",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r113-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-2241_rtac_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4A1AB9-1190-4620-BF97-4A5569E74310",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "490EC90A-C8C4-4AEA-90E8-DA1C6D11932C",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r148-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA7F410-7F74-4EF1-913E-7B34674716DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2161BCBC-6892-47E6-9A9F-0A82F0AA6A92",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r119-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14D78E73-46F2-4D00-A75B-909752E36EB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3505-3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39E788ED-56DC-455E-B907-9DA7ED359CB9",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3505-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A479C2B-F691-4E04-B551-9F631E5A2A0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A438B8C-AD18-47F5-94BF-2484D778EA75",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r100-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E56BC08-9C49-4614-8F52-3413B804A128",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3530-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C48D1C36-0F34-4A95-88E2-B69DE8803AF7",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r108-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3530-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB424E1B-2AE3-449E-9AA1-2AF48C1920FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3532_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9982B6A-2CED-4EF4-946D-E4B8A8CE3935",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r132-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3532:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E573857F-C6DC-4E59-8F5B-4C51ED4D69DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3555_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9333068D-CE59-4644-879F-A1B29D07C26B",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r134-v0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3555:-:*:*:*:*:*:*:*",
"matchCriteriaId": "282F6DB1-4B0F-424F-B5E4-0827F1E7EE6F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF86940-89E4-4D3C-B51D-CF189B8B20A3",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3EB8694-DC56-4E35-9659-B2787F872E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:selinc:sel-3560s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28EAFD3D-1697-42BA-941E-2970A1177302",
"versionEndExcluding": "r150-v2",
"versionStartIncluding": "r144-v2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:selinc:sel-3560s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D2A4A4-B81E-4034-863D-900D95166543",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (MiTM) that could result in denial of service.\n\nSee the ACSELERATOR RTAC SEL-5033 Software instruction manual date code 20210915 for more details."
}
],
"id": "CVE-2023-2310",
"lastModified": "2024-11-21T07:58:21.540",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2,
"source": "security@selinc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-10T20:15:09.637",
"references": [
{
"source": "security@selinc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
}
],
"sourceIdentifier": "security@selinc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-300"
}
],
"source": "security@selinc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…