Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for SEL-5030 acSELerator QuickSet Software by Schweitzer Engineering Laboratories

    CVE-2025-48018 (GCVE-0-2025-48018)

    Vulnerability from nvd – Published: 2025-05-20 15:14 – Updated: 2025-05-20 15:43
    VLAI
    Title
    Deserialization of Untrusted Data
    Summary
    An authenticated user can modify application state data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    SEL
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-48018",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-20T15:42:16.873274Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-20T15:43:44.337Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "SEL-5030 acSELerator QuickSet Software",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "7.5.2.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An authenticated user can modify application state data."
                }
              ],
              "value": "An authenticated user can modify application state data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-20T15:14:36.200Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/products/software/latest-software-versions/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Deserialization of Untrusted Data",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2025-48018",
        "datePublished": "2025-05-20T15:14:36.200Z",
        "dateReserved": "2025-05-15T00:31:11.898Z",
        "dateUpdated": "2025-05-20T15:43:44.337Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31172 (GCVE-0-2023-31172)

    Vulnerability from nvd – Published: 2023-08-31 15:30 – Updated: 2024-09-27 18:42
    VLAI
    Title
    Incomplete Filtering of Special Elements
    Summary
    An Incomplete Filtering of Special Elements vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-791 - Incomplete Filtering of Special Elements
    Assigner
    SEL
    Impacted products
    Date Public
    2023-08-31 16:00
    Credits
    Gabriele Quagliarella of Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.755Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31172",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-27T18:05:16.595821Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-27T18:42:58.512Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "SEL-5030 acSELerator QuickSet Software",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThanOrEqual": "7.1.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Gabriele Quagliarella of Nozomi Networks"
            }
          ],
          "datePublic": "2023-08-31T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nAn Incomplete Filtering of Special Elements vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\u003cbr\u003e\u003cbr\u003e\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\u003cbr\u003e\u003cp\u003eThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\u003c/p\u003e"
                }
              ],
              "value": "\nAn Incomplete Filtering of Special Elements vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\nThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-549",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-549 Local Execution of Code"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-791",
                  "description": "CWE-791: Incomplete Filtering of Special Elements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-31T15:30:49.213Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Incomplete Filtering of Special Elements",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31172",
        "datePublished": "2023-08-31T15:30:49.213Z",
        "dateReserved": "2023-04-24T23:20:01.609Z",
        "dateUpdated": "2024-09-27T18:42:58.512Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31171 (GCVE-0-2023-31171)

    Vulnerability from nvd – Published: 2023-08-31 15:30 – Updated: 2024-09-27 18:48
    VLAI
    Title
    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Summary
    An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    SEL
    Impacted products
    Date Public
    2023-08-31 16:00
    Credits
    Gabriele Quagliarella of Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.875Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31171",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-27T18:06:44.809247Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-27T18:48:28.691Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "SEL-5030 acSELerator QuickSet Software",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThanOrEqual": "7.1.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Gabriele Quagliarella of Nozomi Networks"
            }
          ],
          "datePublic": "2023-08-31T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nAn Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\u003cbr\u003e\u003cbr\u003e\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\u003cbr\u003e\u003cp\u003eThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\u003c/p\u003e"
                }
              ],
              "value": "\nAn Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\nThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-549",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-549 Local Execution of Code"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-31T15:30:41.030Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31171",
        "datePublished": "2023-08-31T15:30:41.030Z",
        "dateReserved": "2023-04-24T23:20:01.609Z",
        "dateUpdated": "2024-09-27T18:48:28.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31170 (GCVE-0-2023-31170)

    Vulnerability from nvd – Published: 2023-08-31 15:30 – Updated: 2024-09-27 18:49
    VLAI
    Title
    Inclusion of Functionality from Untrusted Control Sphere
    Summary
    An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
    Assigner
    SEL
    Impacted products
    Date Public
    2023-08-31 16:00
    Credits
    Gabriele Quagliarella of Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.823Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31170",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-27T18:07:23.936703Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-27T18:49:02.329Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "SEL-5030 acSELerator QuickSet Software",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThanOrEqual": "7.1.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Gabriele Quagliarella of Nozomi Networks"
            }
          ],
          "datePublic": "2023-08-31T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nAn Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\u003cbr\u003e\u003cbr\u003e\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\u003cbr\u003e\n\n\u003cp\u003eThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\u003c/p\u003e"
                }
              ],
              "value": "\nAn Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\n\n\nThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-549",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-549 Local Execution of Code"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-829",
                  "description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-31T15:30:32.665Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": " Inclusion of Functionality from Untrusted Control Sphere",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31170",
        "datePublished": "2023-08-31T15:30:32.665Z",
        "dateReserved": "2023-04-24T23:20:01.608Z",
        "dateUpdated": "2024-09-27T18:49:02.329Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31169 (GCVE-0-2023-31169)

    Vulnerability from nvd – Published: 2023-08-31 15:30 – Updated: 2024-09-27 18:49
    VLAI
    Title
    Improper Handling of Unicode Encoding
    Summary
    An Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-176 - Improper Handling of Unicode Encoding
    Assigner
    SEL
    Impacted products
    Date Public
    2023-08-31 16:00
    Credits
    Gabriele Quagliarella of Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.771Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31169",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-27T18:07:42.711772Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-27T18:49:59.858Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "SEL-5030 acSELerator QuickSet Software",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThanOrEqual": "7.1.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Gabriele Quagliarella of Nozomi Networks"
            }
          ],
          "datePublic": "2023-08-31T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nAn Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\u003cbr\u003e\u003cbr\u003e\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\u003cbr\u003e\u003cp\u003eThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\u003c/p\u003e"
                }
              ],
              "value": "\nAn Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\nThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-549",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-549 Local Execution of Code"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-176",
                  "description": "CWE-176 Improper Handling of Unicode Encoding",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-31T15:30:23.541Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Handling of Unicode Encoding",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31169",
        "datePublished": "2023-08-31T15:30:23.541Z",
        "dateReserved": "2023-04-24T23:20:01.608Z",
        "dateUpdated": "2024-09-27T18:49:59.858Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31168 (GCVE-0-2023-31168)

    Vulnerability from nvd – Published: 2023-08-31 15:30 – Updated: 2024-09-27 18:52
    VLAI
    Title
    Inclusion of Functionality from Untrusted Control Sphere
    Summary
    An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
    Assigner
    SEL
    Impacted products
    Date Public
    2023-08-31 16:00
    Credits
    Gabriele Quagliarella of Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:26.170Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31168",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-27T18:07:54.773013Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-27T18:52:57.616Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "SEL-5030 acSELerator QuickSet Software",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThanOrEqual": "7.1.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Gabriele Quagliarella of Nozomi Networks"
            }
          ],
          "datePublic": "2023-08-31T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003eAn Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\u003cbr\u003e\u003cbr\u003e\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\u003c/p\u003e"
                }
              ],
              "value": "\nAn Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\n\n\n\n\nThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-549",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-549 Local Execution of Code"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-829",
                  "description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-31T15:30:14.809Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": " Inclusion of Functionality from Untrusted Control Sphere",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31168",
        "datePublished": "2023-08-31T15:30:14.809Z",
        "dateReserved": "2023-04-24T23:20:01.608Z",
        "dateUpdated": "2024-09-27T18:52:57.616Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-48018 (GCVE-0-2025-48018)

    Vulnerability from cvelistv5 – Published: 2025-05-20 15:14 – Updated: 2025-05-20 15:43
    VLAI
    Title
    Deserialization of Untrusted Data
    Summary
    An authenticated user can modify application state data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    SEL
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-48018",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-20T15:42:16.873274Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-20T15:43:44.337Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "SEL-5030 acSELerator QuickSet Software",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "7.5.2.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An authenticated user can modify application state data."
                }
              ],
              "value": "An authenticated user can modify application state data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-20T15:14:36.200Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/products/software/latest-software-versions/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Deserialization of Untrusted Data",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2025-48018",
        "datePublished": "2025-05-20T15:14:36.200Z",
        "dateReserved": "2025-05-15T00:31:11.898Z",
        "dateUpdated": "2025-05-20T15:43:44.337Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31172 (GCVE-0-2023-31172)

    Vulnerability from cvelistv5 – Published: 2023-08-31 15:30 – Updated: 2024-09-27 18:42
    VLAI
    Title
    Incomplete Filtering of Special Elements
    Summary
    An Incomplete Filtering of Special Elements vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-791 - Incomplete Filtering of Special Elements
    Assigner
    SEL
    Impacted products
    Date Public
    2023-08-31 16:00
    Credits
    Gabriele Quagliarella of Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.755Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31172",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-27T18:05:16.595821Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-27T18:42:58.512Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "SEL-5030 acSELerator QuickSet Software",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThanOrEqual": "7.1.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Gabriele Quagliarella of Nozomi Networks"
            }
          ],
          "datePublic": "2023-08-31T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nAn Incomplete Filtering of Special Elements vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\u003cbr\u003e\u003cbr\u003e\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\u003cbr\u003e\u003cp\u003eThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\u003c/p\u003e"
                }
              ],
              "value": "\nAn Incomplete Filtering of Special Elements vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\nThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-549",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-549 Local Execution of Code"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-791",
                  "description": "CWE-791: Incomplete Filtering of Special Elements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-31T15:30:49.213Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Incomplete Filtering of Special Elements",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31172",
        "datePublished": "2023-08-31T15:30:49.213Z",
        "dateReserved": "2023-04-24T23:20:01.609Z",
        "dateUpdated": "2024-09-27T18:42:58.512Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31171 (GCVE-0-2023-31171)

    Vulnerability from cvelistv5 – Published: 2023-08-31 15:30 – Updated: 2024-09-27 18:48
    VLAI
    Title
    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Summary
    An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    SEL
    Impacted products
    Date Public
    2023-08-31 16:00
    Credits
    Gabriele Quagliarella of Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.875Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31171",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-27T18:06:44.809247Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-27T18:48:28.691Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "SEL-5030 acSELerator QuickSet Software",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThanOrEqual": "7.1.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Gabriele Quagliarella of Nozomi Networks"
            }
          ],
          "datePublic": "2023-08-31T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nAn Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\u003cbr\u003e\u003cbr\u003e\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\u003cbr\u003e\u003cp\u003eThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\u003c/p\u003e"
                }
              ],
              "value": "\nAn Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\nThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-549",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-549 Local Execution of Code"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-31T15:30:41.030Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31171",
        "datePublished": "2023-08-31T15:30:41.030Z",
        "dateReserved": "2023-04-24T23:20:01.609Z",
        "dateUpdated": "2024-09-27T18:48:28.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31170 (GCVE-0-2023-31170)

    Vulnerability from cvelistv5 – Published: 2023-08-31 15:30 – Updated: 2024-09-27 18:49
    VLAI
    Title
    Inclusion of Functionality from Untrusted Control Sphere
    Summary
    An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
    Assigner
    SEL
    Impacted products
    Date Public
    2023-08-31 16:00
    Credits
    Gabriele Quagliarella of Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.823Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31170",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-27T18:07:23.936703Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-27T18:49:02.329Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "SEL-5030 acSELerator QuickSet Software",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThanOrEqual": "7.1.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Gabriele Quagliarella of Nozomi Networks"
            }
          ],
          "datePublic": "2023-08-31T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nAn Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\u003cbr\u003e\u003cbr\u003e\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\u003cbr\u003e\n\n\u003cp\u003eThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\u003c/p\u003e"
                }
              ],
              "value": "\nAn Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\n\n\nThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-549",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-549 Local Execution of Code"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-829",
                  "description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-31T15:30:32.665Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": " Inclusion of Functionality from Untrusted Control Sphere",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31170",
        "datePublished": "2023-08-31T15:30:32.665Z",
        "dateReserved": "2023-04-24T23:20:01.608Z",
        "dateUpdated": "2024-09-27T18:49:02.329Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31169 (GCVE-0-2023-31169)

    Vulnerability from cvelistv5 – Published: 2023-08-31 15:30 – Updated: 2024-09-27 18:49
    VLAI
    Title
    Improper Handling of Unicode Encoding
    Summary
    An Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-176 - Improper Handling of Unicode Encoding
    Assigner
    SEL
    Impacted products
    Date Public
    2023-08-31 16:00
    Credits
    Gabriele Quagliarella of Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.771Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31169",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-27T18:07:42.711772Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-27T18:49:59.858Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "SEL-5030 acSELerator QuickSet Software",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThanOrEqual": "7.1.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Gabriele Quagliarella of Nozomi Networks"
            }
          ],
          "datePublic": "2023-08-31T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nAn Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\u003cbr\u003e\u003cbr\u003e\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\u003cbr\u003e\u003cp\u003eThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\u003c/p\u003e"
                }
              ],
              "value": "\nAn Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\nThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-549",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-549 Local Execution of Code"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-176",
                  "description": "CWE-176 Improper Handling of Unicode Encoding",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-31T15:30:23.541Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Handling of Unicode Encoding",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31169",
        "datePublished": "2023-08-31T15:30:23.541Z",
        "dateReserved": "2023-04-24T23:20:01.608Z",
        "dateUpdated": "2024-09-27T18:49:59.858Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31168 (GCVE-0-2023-31168)

    Vulnerability from cvelistv5 – Published: 2023-08-31 15:30 – Updated: 2024-09-27 18:52
    VLAI
    Title
    Inclusion of Functionality from Untrusted Control Sphere
    Summary
    An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
    Assigner
    SEL
    Impacted products
    Date Public
    2023-08-31 16:00
    Credits
    Gabriele Quagliarella of Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:26.170Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31168",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-27T18:07:54.773013Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-27T18:52:57.616Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "SEL-5030 acSELerator QuickSet Software",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThanOrEqual": "7.1.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Gabriele Quagliarella of Nozomi Networks"
            }
          ],
          "datePublic": "2023-08-31T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003eAn Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\u003cbr\u003e\u003cbr\u003e\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\u003c/p\u003e"
                }
              ],
              "value": "\nAn Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\n\n\n\n\nThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-549",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-549 Local Execution of Code"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-829",
                  "description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-31T15:30:14.809Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": " Inclusion of Functionality from Untrusted Control Sphere",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31168",
        "datePublished": "2023-08-31T15:30:14.809Z",
        "dateReserved": "2023-04-24T23:20:01.608Z",
        "dateUpdated": "2024-09-27T18:52:57.616Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }