38 vulnerabilities found for sel-2241_rtac_module_firmware by selinc
CVE-2023-31166 (GCVE-0-2023-31166)
Vulnerability from nvd – Published: 2023-05-10 19:25 – Updated: 2025-01-24 19:28
Title
Improper Limitation of a Pathname to a Restricted Directory
Summary
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.1 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 | Affected: R126-V0, < R150-V2 (custom)<br>Affected: R126-V0, < R149-V4 (custom)<br>Affected: R126-V0, < R148-V7 (custom)<br>Affected: R126-V0, < R147-V6 (custom) |

Note: this table shows only the first affected product (SEL-3505); the `affected` array in the CVE record below lists ten products, each with its own version ranges.
Date Public ?
2023-05-10 07:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31166",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:28:10.395795Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:28:19.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system.\u003cbr\u003e\u003cbr\u003eSee SEL Service Bulletin dated 2022-11-15 for more details."
}
],
"value": "An Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system.\n\nSee SEL Service Bulletin dated 2022-11-15 for more details."
}
],
"impacts": [
{
"capecId": "CAPEC-643",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-643 Identify Shared Files/Directories on System"
}
]
},
{
"capecId": "CAPEC-176",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-176 Configuration/Environment Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:25:59.606Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Limitation of a Pathname to a Restricted Directory",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31166",
"datePublished": "2023-05-10T19:25:59.606Z",
"dateReserved": "2023-04-24T23:19:33.137Z",
"dateUpdated": "2025-01-24T19:28:19.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31165 (GCVE-0-2023-31165)
Vulnerability from nvd – Published: 2023-05-10 19:25 – Updated: 2025-01-24 19:27
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 | Affected: R119-V0, < R150-V2 (custom)<br>Affected: R119-V0, < R149-V4 (custom)<br>Affected: R119-V0, < R148-V7 (custom)<br>Affected: R119-V0, < R147-V6 (custom) |

Note: this table shows only the first affected product (SEL-3505); the `affected` array in the CVE record below lists ten products, each with its own version ranges.
Date Public ?
2023-05-10 07:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31165",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:27:51.348037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:27:55.295Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:25:34.186Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31165",
"datePublished": "2023-05-10T19:25:34.186Z",
"dateReserved": "2023-04-24T23:19:33.137Z",
"dateUpdated": "2025-01-24T19:27:55.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31164 (GCVE-0-2023-31164)
Vulnerability from nvd – Published: 2023-05-10 19:25 – Updated: 2025-01-24 19:27
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 | Affected: R119-V0, < R150-V2 (custom)<br>Affected: R119-V0, < R149-V4 (custom)<br>Affected: R119-V0, < R148-V7 (custom)<br>Affected: R119-V0, < R147-V6 (custom) |

Note: this table shows only the first affected product (SEL-3505); the `affected` array in the CVE record below lists ten products, each with its own version ranges.
Date Public ?
2023-05-10 07:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.764Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31164",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:27:36.186170Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:27:38.573Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:25:16.534Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31164",
"datePublished": "2023-05-10T19:25:16.534Z",
"dateReserved": "2023-04-24T23:19:33.137Z",
"dateUpdated": "2025-01-24T19:27:38.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31163 (GCVE-0-2023-31163)
Vulnerability from nvd – Published: 2023-05-10 19:24 – Updated: 2025-01-24 19:27
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 | Affected: R119-V0, < R150-V2 (custom); Affected: R119-V0, < R149-V4 (custom); Affected: R119-V0, < R148-V7 (custom); Affected: R119-V0, < R147-V6 (custom) |

Only the first product is shown in this table; the `affected` array in the JSON record below lists the remaining products and their version ranges.
Date Public ?
2023-05-10 07:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.738Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31163",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:27:10.625855Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:27:13.760Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:24:45.965Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31163",
"datePublished": "2023-05-10T19:24:45.965Z",
"dateReserved": "2023-04-24T23:19:33.136Z",
"dateUpdated": "2025-01-24T19:27:13.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31162 (GCVE-0-2023-31162)
Vulnerability from nvd – Published: 2023-05-10 19:24 – Updated: 2025-01-24 19:26
Title
Improper Input Validation in Web Interface
Summary
An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.8 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 | Affected: R149-V0, < R150-V2 (custom); Affected: R149-V0, < R149-V4 (custom) |

Only the first product is shown in this table; the `affected` array in the JSON record below lists the remaining products and their version ranges.
Date Public ?
2023-05-10 07:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31162",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:26:51.589571Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:26:55.712Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file.\u003cbr\u003e\u003cbr\u003eSee SEL Service Bulletin dated 2022-11-15 for more details."
}
],
"value": "An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file.\n\nSee SEL Service Bulletin dated 2022-11-15 for more details."
}
],
"impacts": [
{
"capecId": "CAPEC-176",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-176 Configuration/Environment Manipulation"
}
]
},
{
"capecId": "CAPEC-275",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-275 DNS Rebinding"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:24:20.480Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Input Validation in Web Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31162",
"datePublished": "2023-05-10T19:24:20.480Z",
"dateReserved": "2023-04-24T23:19:33.136Z",
"dateUpdated": "2025-01-24T19:26:55.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31160 (GCVE-0-2023-31160)
Vulnerability from nvd – Published: 2023-05-10 19:23 – Updated: 2025-01-24 19:19
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 | Affected: R132-V0, < R150-V2 (custom); Affected: R132-V0, < R149-V4 (custom); Affected: R132-V0, < R148-V7 (custom); Affected: R132-V0, < R147-V6 (custom) |

Only the first product is shown in this table; the `affected` array in the JSON record below lists the remaining products and their version ranges.
Date Public ?
2023-05-10 07:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:19:22.925031Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:19:25.906Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:23:43.200Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31160",
"datePublished": "2023-05-10T19:23:43.200Z",
"dateReserved": "2023-04-24T23:19:33.136Z",
"dateUpdated": "2025-01-24T19:19:25.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31159 (GCVE-0-2023-31159)
Vulnerability from nvd – Published: 2023-05-10 19:23 – Updated: 2025-01-24 19:10
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 | Affected: R132-V0, < R150-V2 (custom); Affected: R132-V0, < R149-V4 (custom); Affected: R132-V0, < R148-V7 (custom); Affected: R132-V0, < R147-V6 (custom) |

Only the first product is shown in this table; the `affected` array in the JSON record below lists further products and their version ranges.
Date Public ?
2023-05-10 07:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31159",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:10:03.615553Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:10:07.456Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:23:29.182Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31159",
"datePublished": "2023-05-10T19:23:29.182Z",
"dateReserved": "2023-04-24T23:19:33.136Z",
"dateUpdated": "2025-01-24T19:10:07.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31158 (GCVE-0-2023-31158)
Vulnerability from nvd – Published: 2023-05-10 19:23 – Updated: 2025-01-24 19:09
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 | Affected: R132-V0 , < R150-V2 (custom)<br>Affected: R132-V0 , < R149-V4 (custom)<br>Affected: R132-V0 , < R148-V7 (custom)<br>Affected: R132-V0 , < R147-V6 (custom) |

Only the first product row survives in this rendered table; the `affected` array in the CVE record below lists the other product models and their version ranges.
Date Public ?
2023-05-10 07:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31158",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:09:44.725784Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:09:47.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:23:15.171Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31158",
"datePublished": "2023-05-10T19:23:15.171Z",
"dateReserved": "2023-04-24T23:19:33.136Z",
"dateUpdated": "2025-01-24T19:09:47.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31157 (GCVE-0-2023-31157)
Vulnerability from nvd – Published: 2023-05-10 19:22 – Updated: 2025-01-24 19:09
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 | Affected: R132-V0 , < R150-V2 (custom)<br>Affected: R132-V0 , < R149-V4 (custom)<br>Affected: R132-V0 , < R148-V7 (custom)<br>Affected: R132-V0 , < R147-V6 (custom) |

Only the first product row survives in this rendered table; the `affected` array in the CVE record below lists the other product models and their version ranges.
Date Public ?
2023-05-10 07:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31157",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:09:17.571361Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:09:33.094Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:22:58.877Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31157",
"datePublished": "2023-05-10T19:22:58.877Z",
"dateReserved": "2023-04-24T23:19:04.959Z",
"dateUpdated": "2025-01-24T19:09:33.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31156 (GCVE-0-2023-31156)
Vulnerability from nvd – Published: 2023-05-10 19:22 – Updated: 2025-01-24 19:08
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 | Affected: R132-V0 , < R150-V2 (custom)<br>Affected: R132-V0 , < R149-V4 (custom)<br>Affected: R132-V0 , < R148-V7 (custom)<br>Affected: R132-V0 , < R147-V6 (custom) |

Only the first product row survives in this rendered table; the `affected` array in the CVE record below lists the other product models and their version ranges.
Date Public ?
2023-05-10 07:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31156",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:08:45.763598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:08:49.377Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:22:44.225Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31156",
"datePublished": "2023-05-10T19:22:44.225Z",
"dateReserved": "2023-04-24T23:19:04.959Z",
"dateUpdated": "2025-01-24T19:08:49.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31155 (GCVE-0-2023-31155)
Vulnerability from nvd – Published: 2023-05-10 19:22 – Updated: 2025-01-24 19:05
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 | Affected: R132-V0 , < R150-V2 (custom); Affected: R132-V0 , < R149-V4 (custom); Affected: R132-V0 , < R148-V7 (custom); Affected: R132-V0 , < R147-V6 (custom) |

This table shows only the first affected product; the `affected` array in the record below lists every affected product and its version ranges.
Date Public ?
2023-05-10 07:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.765Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31155",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:05:37.935719Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:05:41.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:22:32.651Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31155",
"datePublished": "2023-05-10T19:22:32.651Z",
"dateReserved": "2023-04-24T23:19:04.959Z",
"dateUpdated": "2025-01-24T19:05:41.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31154 (GCVE-0-2023-31154)
Vulnerability from nvd – Published: 2023-05-10 19:22 – Updated: 2025-01-24 19:05
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 | Affected: R132-V0 , < R150-V2 (custom); Affected: R132-V0 , < R149-V4 (custom); Affected: R132-V0 , < R148-V7 (custom); Affected: R132-V0 , < R147-V6 (custom) |

This table shows only the first affected product; the `affected` array in the record below lists every affected product and its version ranges.
Date Public ?
2023-05-10 07:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31154",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:05:17.174236Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:05:24.335Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:22:18.749Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31154",
"datePublished": "2023-05-10T19:22:18.749Z",
"dateReserved": "2023-04-24T23:19:04.958Z",
"dateUpdated": "2025-01-24T19:05:24.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31153 (GCVE-0-2023-31153)
Vulnerability from nvd – Published: 2023-05-10 19:22 – Updated: 2025-01-24 19:05
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 | Affected: R119-V0 , < R150-V2 (custom); Affected: R119-V0 , < R149-V4 (custom); Affected: R119-V0 , < R148-V7 (custom); Affected: R119-V0 , < R147-V6 (custom) |

This table shows only the first affected product; the `affected` array in the record below lists further affected products, whose starting versions differ from the one shown here.
Date Public ?
2023-05-10 07:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31153",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:04:43.531419Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:05:05.448Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R109-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R109-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R109-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R109-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R109-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R109-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R109-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R109-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eSchweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/span\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/span\u003e\n\n\u003c/p\u003e"
}
],
"value": "An Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the\u00a0Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:22:06.307Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31153",
"datePublished": "2023-05-10T19:22:06.307Z",
"dateReserved": "2023-04-24T23:19:04.958Z",
"dateUpdated": "2025-01-24T19:05:05.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31152 (GCVE-0-2023-31152)
Vulnerability from nvd – Published: 2023-05-10 19:21 – Updated: 2025-01-24 19:04
Title
Authentication Bypass Using an Alternate Path or Channel
Summary
An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication Bypass.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4 (Medium)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 | Affected: R147-V0 , < R150-V2 (custom); Affected: R147-V0 , < R149-V4 (custom); Affected: R147-V0 , < R148-V7 (custom); Affected: R147-V0 , < R147-V6 (custom) |
Date Public ?
2023-05-10 07:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.728Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31152",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:04:22.247927Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:04:25.192Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication Bypass. \u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/span\u003e\n\n\u003c/p\u003e"
}
],
"value": "An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication Bypass. \nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:21:50.029Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Authentication Bypass Using an Alternate Path or Channel",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31152",
"datePublished": "2023-05-10T19:21:50.029Z",
"dateReserved": "2023-04-24T23:19:04.957Z",
"dateUpdated": "2025-01-24T19:04:25.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31151 (GCVE-0-2023-31151)
Vulnerability from nvd – Published: 2023-05-10 19:21 – Updated: 2025-01-24 19:04
Title
Improper Certificate Validation
Summary
An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.7 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 | Affected: R147-V0 , < R150-V2 (custom); Affected: R147-V0 , < R149-V4 (custom); Affected: R147-V0 , < R148-V7 (custom); Affected: R147-V0 , < R147-V6 (custom) |
Date Public ?
2023-05-10 07:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.853Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31151",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:04:00.595043Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:04:04.464Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Certificate Validation vulnerability \n\nin the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface\n\ncould allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack.\u003cbr\u003e\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "An Improper Certificate Validation vulnerability \n\nin the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface\n\ncould allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack.\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-94",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-94 Man in the Middle Attack"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:21:30.649Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Certificate Validation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31151",
"datePublished": "2023-05-10T19:21:30.649Z",
"dateReserved": "2023-04-24T23:19:04.957Z",
"dateUpdated": "2025-01-24T19:04:04.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31150 (GCVE-0-2023-31150)
Vulnerability from nvd – Published: 2023-05-10 19:21 – Updated: 2025-01-27 18:17
Title
Storing Passwords in a Recoverable Format
Summary
A Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker to retrieve passwords.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
CWE
- CWE-257 - Storing Passwords in a Recoverable Format
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 | Affected: R122-V0 , < R150-V2 (custom); Affected: R122-V0 , < R149-V4 (custom); Affected: R122-V0 , < R148-V7 (custom); Affected: R122-V0 , < R147-V6 (custom) |
Date Public ?
2023-05-10 07:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:26.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31150",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T18:17:06.700639Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T18:17:15.598Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Database"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R122-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R122-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R122-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R122-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Database"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Database"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R122-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R122-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R122-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R122-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Database"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R122-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R122-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R122-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R122-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Database"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Database"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Database"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Database"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Database"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R122-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R122-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R122-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R122-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Database"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nA Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker to retrieve passwords.\u003cbr\u003e\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nA Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker to retrieve passwords.\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-50",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-50 Password Recovery Exploitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "CWE-257 Storing Passwords in a Recoverable Format",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:21:07.126Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Storing Passwords in a Recoverable Format",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31150",
"datePublished": "2023-05-10T19:21:07.126Z",
"dateReserved": "2023-04-24T23:19:04.957Z",
"dateUpdated": "2025-01-27T18:17:15.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31149 (GCVE-0-2023-31149)
Vulnerability from nvd – Published: 2023-05-10 19:20 – Updated: 2025-01-27 18:18
Title
Improper Input Validation in Web Interface
Summary
An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
9.1 (Critical)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 | Affected: R132-V0, < R150-V2 (custom); Affected: R132-V0, < R149-V4 (custom); Affected: R132-V0, < R148-V7 (custom); Affected: R132-V0, < R147-V6 (custom) |

Only the first affected product is shown in this table; the JSON record below lists the other affected products and their version ranges.
Date Public ?
2023-05-10 07:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31149",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T18:18:11.608895Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T18:18:20.153Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nAn Improper Input Validation vulnerability \n\nin the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code.\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\n\n"
}
],
"value": "\nAn Improper Input Validation vulnerability \n\nin the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code.\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:20:16.373Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Input Validation in Web Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31149",
"datePublished": "2023-05-10T19:20:16.373Z",
"dateReserved": "2023-04-24T23:19:04.956Z",
"dateUpdated": "2025-01-27T18:18:20.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31148 (GCVE-0-2023-31148)
Vulnerability from nvd – Published: 2023-05-10 19:20 – Updated: 2025-01-27 18:19
Title
Improper Input Validation in Web Interface
Summary
An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
9.1 (Critical)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 | Affected: R132-V0, < R150-V2 (custom); Affected: R132-V0, < R149-V4 (custom); Affected: R132-V0, < R148-V7 (custom); Affected: R132-V0, < R147-V6 (custom) |

Only the first affected product is shown in this table; the JSON record below lists the other affected products and their version ranges.
Date Public ?
2023-05-10 07:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31148",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T18:19:00.740706Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T18:19:19.558Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Input Validation vulnerability \n\nin the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code.\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "An Improper Input Validation vulnerability \n\nin the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code.\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:20:03.147Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Input Validation in Web Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31148",
"datePublished": "2023-05-10T19:20:03.147Z",
"dateReserved": "2023-04-24T23:19:04.956Z",
"dateUpdated": "2025-01-27T18:19:19.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2310 (GCVE-0-2023-2310)
Vulnerability from nvd – Published: 2023-05-10 19:18 – Updated: 2025-01-27 18:20
Title
Channel Accessible by Non-Endpoint
Summary
A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (MiTM) attack that could result in denial of service.
See the ACSELERATOR RTAC SEL-5033 Software instruction manual date code 20210915 for more details.
Severity ?
6.8 (Medium)
CWE
- CWE-300 - Channel Accessible by Non-Endpoint
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 | Affected: R119-V0, < R150-V2 (custom); Affected: R119-V0, < R149-V4 (custom); Affected: R119-V0, < R148-V7 (custom); Affected: R119-V0, < R147-V6 (custom) |

Only the first affected product is shown in this table; the JSON record below lists the other affected products and their version ranges.
Date Public ?
2023-05-10 07:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.854Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T18:20:24.063475Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T18:20:35.192Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories, Inc.",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories, Inc.",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories, Inc.",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories, Inc.",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories, Inc.",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories, Inc.",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories, Inc.",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories, Inc.",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Adeen Ayub, Syed Ali Qasim, Irfan Ahmed, Virginia Commonwealth University"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (MiTM) that could result in denial of service.\u003cbr\u003e\u003cbr\u003eSee the ACSELERATOR RTAC SEL-5033 Software instruction manual date code 20210915 for more details."
}
],
"value": "A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (MiTM) that could result in denial of service.\n\nSee the ACSELERATOR RTAC SEL-5033 Software instruction manual date code 20210915 for more details."
}
],
"impacts": [
{
"capecId": "CAPEC-469",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-469 DoS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-300",
"description": "CWE-300 Channel Accessible by Non-Endpoint",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:18:43.806Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Channel Accessible by Non-Endpoint",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-2310",
"datePublished": "2023-05-10T19:18:43.806Z",
"dateReserved": "2023-04-26T18:25:33.932Z",
"dateUpdated": "2025-01-27T18:20:35.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31166 (GCVE-0-2023-31166)
Vulnerability from cvelistv5 – Published: 2023-05-10 19:25 – Updated: 2025-01-24 19:28
Title
Improper Limitation of a Pathname to a Restricted Directory
Summary
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.1 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 | Affected: R126-V0, < R150-V2 (custom); Affected: R126-V0, < R149-V4 (custom); Affected: R126-V0, < R148-V7 (custom); Affected: R126-V0, < R147-V6 (custom) |

Note: this table renders only the first affected product; the `affected` array in the JSON record below lists the other products and their version ranges.
Date Public ?
2023-05-10 07:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31166",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:28:10.395795Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:28:19.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R126-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system.\u003cbr\u003e\u003cbr\u003eSee SEL Service Bulletin dated 2022-11-15 for more details."
}
],
"value": "An Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system.\n\nSee SEL Service Bulletin dated 2022-11-15 for more details."
}
],
"impacts": [
{
"capecId": "CAPEC-643",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-643 Identify Shared Files/Directories on System"
}
]
},
{
"capecId": "CAPEC-176",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-176 Configuration/Environment Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:25:59.606Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Limitation of a Pathname to a Restricted Directory",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31166",
"datePublished": "2023-05-10T19:25:59.606Z",
"dateReserved": "2023-04-24T23:19:33.137Z",
"dateUpdated": "2025-01-24T19:28:19.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31165 (GCVE-0-2023-31165)
Vulnerability from cvelistv5 – Published: 2023-05-10 19:25 – Updated: 2025-01-24 19:27
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 | Affected: R119-V0, < R150-V2 (custom); Affected: R119-V0, < R149-V4 (custom); Affected: R119-V0, < R148-V7 (custom); Affected: R119-V0, < R147-V6 (custom) |

Note: this table renders only the first affected product; the `affected` array in the JSON record below lists the other products and their version ranges.
Date Public ?
2023-05-10 07:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31165",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:27:51.348037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:27:55.295Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:25:34.186Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31165",
"datePublished": "2023-05-10T19:25:34.186Z",
"dateReserved": "2023-04-24T23:19:33.137Z",
"dateUpdated": "2025-01-24T19:27:55.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31164 (GCVE-0-2023-31164)
Vulnerability from cvelistv5 – Published: 2023-05-10 19:25 – Updated: 2025-01-24 19:27
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 | Affected: R119-V0, < R150-V2 (custom); Affected: R119-V0, < R149-V4 (custom); Affected: R119-V0, < R148-V7 (custom); Affected: R119-V0, < R147-V6 (custom) |

Note: this table renders only the first affected product; the `affected` array in the JSON record below lists further products and their version ranges.
Date Public ?
2023-05-10 07:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.764Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31164",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:27:36.186170Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:27:38.573Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:25:16.534Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31164",
"datePublished": "2023-05-10T19:25:16.534Z",
"dateReserved": "2023-04-24T23:19:33.137Z",
"dateUpdated": "2025-01-24T19:27:38.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31163 (GCVE-0-2023-31163)
Vulnerability from cvelistv5 – Published: 2023-05-10 19:24 – Updated: 2025-01-24 19:27
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 | Affected: R119-V0, < R150-V2 (custom); Affected: R119-V0, < R149-V4 (custom); Affected: R119-V0, < R148-V7 (custom); Affected: R119-V0, < R147-V6 (custom) |

Only the first product row is shown in this table; the `cna.affected` list in the record below names the other affected products and their version ranges.
Date Public ?
2023-05-10 07:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.738Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31163",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:27:10.625855Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:27:13.760Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:24:45.965Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31163",
"datePublished": "2023-05-10T19:24:45.965Z",
"dateReserved": "2023-04-24T23:19:33.136Z",
"dateUpdated": "2025-01-24T19:27:13.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31162 (GCVE-0-2023-31162)
Vulnerability from cvelistv5 – Published: 2023-05-10 19:24 – Updated: 2025-01-24 19:26
Title
Improper Input Validation in Web Interface
Summary
An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.8 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 | Affected: R149-V0, < R150-V2 (custom); Affected: R149-V0, < R149-V4 (custom) |

Only the first product row is shown in this table; the `cna.affected` list in the record below names the other affected products and their version ranges.
Date Public ?
2023-05-10 07:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31162",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:26:51.589571Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:26:55.712Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file.\u003cbr\u003e\u003cbr\u003eSee SEL Service Bulletin dated 2022-11-15 for more details."
}
],
"value": "An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file.\n\nSee SEL Service Bulletin dated 2022-11-15 for more details."
}
],
"impacts": [
{
"capecId": "CAPEC-176",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-176 Configuration/Environment Manipulation"
}
]
},
{
"capecId": "CAPEC-275",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-275 DNS Rebinding"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:24:20.480Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Input Validation in Web Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31162",
"datePublished": "2023-05-10T19:24:20.480Z",
"dateReserved": "2023-04-24T23:19:33.136Z",
"dateUpdated": "2025-01-24T19:26:55.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31160 (GCVE-0-2023-31160)
Vulnerability from cvelistv5 – Published: 2023-05-10 19:23 – Updated: 2025-01-24 19:19
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 | Affected: R132-V0, < R150-V2 (custom); Affected: R132-V0, < R149-V4 (custom); Affected: R132-V0, < R148-V7 (custom); Affected: R132-V0, < R147-V6 (custom) |

Only the first product row is shown in this table; the `cna.affected` list in the record below names the other affected products and their version ranges.
Date Public ?
2023-05-10 07:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:19:22.925031Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:19:25.906Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:23:43.200Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31160",
"datePublished": "2023-05-10T19:23:43.200Z",
"dateReserved": "2023-04-24T23:19:33.136Z",
"dateUpdated": "2025-01-24T19:19:25.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31159 (GCVE-0-2023-31159)
Vulnerability from cvelistv5 – Published: 2023-05-10 19:23 – Updated: 2025-01-24 19:10
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 | Affected: R132-V0, < R150-V2 (custom); Affected: R132-V0, < R149-V4 (custom); Affected: R132-V0, < R148-V7 (custom); Affected: R132-V0, < R147-V6 (custom) |

Only the first product row is rendered in this table; the `affected` array in the JSON record below lists every impacted product with its own version ranges.
Date Public ?
2023-05-10 07:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31159",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:10:03.615553Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:10:07.456Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:23:29.182Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31159",
"datePublished": "2023-05-10T19:23:29.182Z",
"dateReserved": "2023-04-24T23:19:33.136Z",
"dateUpdated": "2025-01-24T19:10:07.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31158 (GCVE-0-2023-31158)
Vulnerability from cvelistv5 – Published: 2023-05-10 19:23 – Updated: 2025-01-24 19:09
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 | Affected: R132-V0, < R150-V2 (custom); Affected: R132-V0, < R149-V4 (custom); Affected: R132-V0, < R148-V7 (custom); Affected: R132-V0, < R147-V6 (custom) |

Only the first product row is rendered in this table; the `affected` array in the JSON record below lists every impacted product with its own version ranges.
Date Public ?
2023-05-10 07:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31158",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:09:44.725784Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:09:47.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:23:15.171Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31158",
"datePublished": "2023-05-10T19:23:15.171Z",
"dateReserved": "2023-04-24T23:19:33.136Z",
"dateUpdated": "2025-01-24T19:09:47.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31157 (GCVE-0-2023-31157)
Vulnerability from cvelistv5 – Published: 2023-05-10 19:22 – Updated: 2025-01-24 19:09
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 | Affected: R132-V0, < R150-V2 (custom); Affected: R132-V0, < R149-V4 (custom); Affected: R132-V0, < R148-V7 (custom); Affected: R132-V0, < R147-V6 (custom) |

Only the first product row is rendered in this table; the `affected` array in the JSON record below lists every impacted product with its own version ranges.
Date Public ?
2023-05-10 07:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31157",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:09:17.571361Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:09:33.094Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:22:58.877Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31157",
"datePublished": "2023-05-10T19:22:58.877Z",
"dateReserved": "2023-04-24T23:19:04.959Z",
"dateUpdated": "2025-01-24T19:09:33.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31156 (GCVE-0-2023-31156)
Vulnerability from cvelistv5 – Published: 2023-05-10 19:22 – Updated: 2025-01-24 19:08
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 | Affected: R132-V0 , < R150-V2 (custom)<br>Affected: R132-V0 , < R149-V4 (custom)<br>Affected: R132-V0 , < R148-V7 (custom)<br>Affected: R132-V0 , < R147-V6 (custom) |

Only the first product is shown in this table; the `affected` array in the JSON record below also lists SEL-3505-3, SEL-3530, SEL-3530-4, SEL-3532, SEL-3555, SEL-3560S, SEL-3560E, SEL-2241 RTAC module and SEL-3350, each with its own version ranges.
Date Public ?
2023-05-10 07:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31156",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:08:45.763598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:08:49.377Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:22:44.225Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31156",
"datePublished": "2023-05-10T19:22:44.225Z",
"dateReserved": "2023-04-24T23:19:04.959Z",
"dateUpdated": "2025-01-24T19:08:49.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31155 (GCVE-0-2023-31155)
Vulnerability from cvelistv5 – Published: 2023-05-10 19:22 – Updated: 2025-01-24 19:05
Title
Improper Neutralization of Input During Web Page Generation
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 | Affected: R132-V0 , < R150-V2 (custom)<br>Affected: R132-V0 , < R149-V4 (custom)<br>Affected: R132-V0 , < R148-V7 (custom)<br>Affected: R132-V0 , < R147-V6 (custom) |

Only the first product is shown in this table; the `affected` array in the JSON record below also lists SEL-3505-3, SEL-3530, SEL-3530-4, SEL-3532, SEL-3555, SEL-3560S, SEL-3560E, SEL-2241 RTAC module and SEL-3350, each with its own version ranges.
Date Public ?
2023-05-10 07:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.765Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31155",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T19:05:37.935719Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T19:05:41.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:22:32.651Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-31155",
"datePublished": "2023-05-10T19:22:32.651Z",
"dateReserved": "2023-04-24T23:19:04.959Z",
"dateUpdated": "2025-01-24T19:05:41.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}