Search

Find a vulnerability

Search criteria

    38 vulnerabilities found for sel-3505_firmware by selinc

    CVE-2023-31166 (GCVE-0-2023-31166)

    Vulnerability from nvd – Published: 2023-05-10 19:25 – Updated: 2025-01-24 19:28
    VLAI
    Title
    Improper Limitation of a Pathname to a Restricted Directory
    Summary
    An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system. See SEL Service Bulletin dated 2022-11-15 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-3505 Affected: R126-V0 , < R150-V2 (custom)
    Affected: R126-V0 , < R149-V4 (custom)
    Affected: R126-V0 , < R148-V7 (custom)
    Affected: R126-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3505-3 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530 Affected: R126-V0 , < R150-V2 (custom)
    Affected: R126-V0 , < R149-V4 (custom)
    Affected: R126-V0 , < R148-V7 (custom)
    Affected: R126-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530-4 Affected: R126-V0 , < R150-V2 (custom)
    Affected: R126-V0 , < R149-V4 (custom)
    Affected: R126-V0 , < R148-V7 (custom)
    Affected: R126-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3532 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3555 Affected: R134-V0 , < R150-V2 (custom)
    Affected: R134-V0 , < R149-V4 (custom)
    Affected: R134-V0 , < R148-V7 (custom)
    Affected: R134-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560S Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560E Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-2241 RTAC module Affected: R126-V0 , < R150-V2 (custom)
    Affected: R126-V0 , < R149-V4 (custom)
    Affected: R126-V0 , < R148-V7 (custom)
    Affected: R126-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3350 Affected: R148-V0 , < R150-V2 (custom)
    Affected: R148-V0 , < R149-V4 (custom)
    Affected: R148-V0 , < R148-V7 (custom)
    Create a notification for this product.
    Date Public
    2023-05-10 07:00
    Credits
    Andrea Palanca, Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.866Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31166",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T19:28:10.395795Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T19:28:19.480Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505-3",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530-4",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3532",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3555",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560S",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560E",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-2241 RTAC module",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3350",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca, Nozomi Networks"
            }
          ],
          "datePublic": "2023-05-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system.\u003cbr\u003e\u003cbr\u003eSee SEL Service Bulletin dated 2022-11-15 for more details."
                }
              ],
              "value": "An Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system.\n\nSee SEL Service Bulletin dated 2022-11-15 for more details."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-643",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-643 Identify Shared Files/Directories on System"
                }
              ]
            },
            {
              "capecId": "CAPEC-176",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-176 Configuration/Environment Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T19:25:59.606Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Limitation of a Pathname to a Restricted Directory",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31166",
        "datePublished": "2023-05-10T19:25:59.606Z",
        "dateReserved": "2023-04-24T23:19:33.137Z",
        "dateUpdated": "2025-01-24T19:28:19.480Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31165 (GCVE-0-2023-31165)

    Vulnerability from nvd – Published: 2023-05-10 19:25 – Updated: 2025-01-24 19:27
    VLAI
    Title
    Improper Neutralization of Input During Web Page Generation
    Summary
    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-3505 Affected: R119-V0 , < R150-V2 (custom)
    Affected: R119-V0 , < R149-V4 (custom)
    Affected: R119-V0 , < R148-V7 (custom)
    Affected: R119-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3505-3 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530 Affected: R100-V0 , < R150-V2 (custom)
    Affected: R100-V0 , < R149-V4 (custom)
    Affected: R100-V0 , < R148-V7 (custom)
    Affected: R100-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530-4 Affected: R108-V0 , < R150-V2 (custom)
    Affected: R108-V0 , < R149-V4 (custom)
    Affected: R108-V0 , < R148-V7 (custom)
    Affected: R108-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3532 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3555 Affected: R134-V0 , < R150-V2 (custom)
    Affected: R134-V0 , < R149-V4 (custom)
    Affected: R134-V0 , < R148-V7 (custom)
    Affected: R134-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560S Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560E Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-2241 RTAC module Affected: R113-V0 , < R150-V2 (custom)
    Affected: R113-V0 , < R149-V4 (custom)
    Affected: R113-V0 , < R148-V7 (custom)
    Affected: R113-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3350 Affected: R148-V0 , < R150-V2 (custom)
    Affected: R148-V0 , < R149-V4 (custom)
    Affected: R148-V0 , < R148-V7 (custom)
    Create a notification for this product.
    Date Public
    2023-05-10 07:00
    Credits
    Andrea Palanca, Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.790Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31165",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T19:27:51.348037Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T19:27:55.295Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505-3",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R100-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R100-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R100-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R100-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530-4",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R108-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R108-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R108-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R108-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3532",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3555",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560S",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560E",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-2241 RTAC module",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R113-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R113-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R113-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R113-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3350",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca, Nozomi Networks"
            }
          ],
          "datePublic": "2023-05-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/div\u003e\u003c/div\u003e\n\n"
                }
              ],
              "value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T19:25:34.186Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Neutralization of Input During Web Page Generation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31165",
        "datePublished": "2023-05-10T19:25:34.186Z",
        "dateReserved": "2023-04-24T23:19:33.137Z",
        "dateUpdated": "2025-01-24T19:27:55.295Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31164 (GCVE-0-2023-31164)

    Vulnerability from nvd – Published: 2023-05-10 19:25 – Updated: 2025-01-24 19:27
    VLAI
    Title
    Improper Neutralization of Input During Web Page Generation
    Summary
    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-3505 Affected: R119-V0 , < R150-V2 (custom)
    Affected: R119-V0 , < R149-V4 (custom)
    Affected: R119-V0 , < R148-V7 (custom)
    Affected: R119-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3505-3 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530 Affected: R100-V0 , < R150-V2 (custom)
    Affected: R100-V0 , < R149-V4 (custom)
    Affected: R100-V0 , < R148-V7 (custom)
    Affected: R100-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530-4 Affected: R108-V0 , < R150-V2 (custom)
    Affected: R108-V0 , < R149-V4 (custom)
    Affected: R108-V0 , < R148-V7 (custom)
    Affected: R108-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3532 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3555 Affected: R134-V0 , < R150-V2 (custom)
    Affected: R134-V0 , < R149-V4 (custom)
    Affected: R134-V0 , < R148-V7 (custom)
    Affected: R134-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560S Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560E Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-2241 RTAC module Affected: R113-V0 , < R150-V2 (custom)
    Affected: R113-V0 , < R149-V4 (custom)
    Affected: R113-V0 , < R148-V7 (custom)
    Affected: R113-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3350 Affected: R148-V0 , < R150-V2 (custom)
    Affected: R148-V0 , < R149-V4 (custom)
    Affected: R148-V0 , < R148-V7 (custom)
    Create a notification for this product.
    Date Public
    2023-05-10 07:00
    Credits
    Andrea Palanca, Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.764Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31164",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T19:27:36.186170Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T19:27:38.573Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505-3",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R100-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R100-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R100-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R100-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530-4",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R108-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R108-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R108-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R108-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3532",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3555",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560S",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560E",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-2241 RTAC module",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R113-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R113-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R113-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R113-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3350",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca, Nozomi Networks"
            }
          ],
          "datePublic": "2023-05-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/div\u003e\u003c/div\u003e\n\n"
                }
              ],
              "value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T19:25:16.534Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Neutralization of Input During Web Page Generation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31164",
        "datePublished": "2023-05-10T19:25:16.534Z",
        "dateReserved": "2023-04-24T23:19:33.137Z",
        "dateUpdated": "2025-01-24T19:27:38.573Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31163 (GCVE-0-2023-31163)

    Vulnerability from nvd – Published: 2023-05-10 19:24 – Updated: 2025-01-24 19:27
    VLAI
    Title
    Improper Neutralization of Input During Web Page Generation
    Summary
    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-3505 Affected: R119-V0 , < R150-V2 (custom)
    Affected: R119-V0 , < R149-V4 (custom)
    Affected: R119-V0 , < R148-V7 (custom)
    Affected: R119-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3505-3 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530 Affected: R100-V0 , < R150-V2 (custom)
    Affected: R100-V0 , < R149-V4 (custom)
    Affected: R100-V0 , < R148-V7 (custom)
    Affected: R100-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530-4 Affected: R108-V0 , < R150-V2 (custom)
    Affected: R108-V0 , < R149-V4 (custom)
    Affected: R108-V0 , < R148-V7 (custom)
    Affected: R108-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3532 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3555 Affected: R134-V0 , < R150-V2 (custom)
    Affected: R134-V0 , < R149-V4 (custom)
    Affected: R134-V0 , < R148-V7 (custom)
    Affected: R134-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560S Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560E Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-2241 RTAC module Affected: R113-V0 , < R150-V2 (custom)
    Affected: R113-V0 , < R149-V4 (custom)
    Affected: R113-V0 , < R148-V7 (custom)
    Affected: R113-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3350 Affected: R148-V0 , < R150-V2 (custom)
    Affected: R148-V0 , < R149-V4 (custom)
    Affected: R148-V0 , < R148-V7 (custom)
    Create a notification for this product.
    Date Public
    2023-05-10 07:00
    Credits
    Andrea Palanca, Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.738Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31163",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T19:27:10.625855Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T19:27:13.760Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505-3",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R100-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R100-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R100-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R100-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530-4",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R108-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R108-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R108-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R108-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3532",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3555",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560S",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560E",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-2241 RTAC module",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R113-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R113-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R113-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R113-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3350",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca, Nozomi Networks"
            }
          ],
          "datePublic": "2023-05-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/div\u003e\u003c/div\u003e\n\n"
                }
              ],
              "value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T19:24:45.965Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Neutralization of Input During Web Page Generation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31163",
        "datePublished": "2023-05-10T19:24:45.965Z",
        "dateReserved": "2023-04-24T23:19:33.136Z",
        "dateUpdated": "2025-01-24T19:27:13.760Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31162 (GCVE-0-2023-31162)

    Vulnerability from nvd – Published: 2023-05-10 19:24 – Updated: 2025-01-24 19:26
    VLAI
    Title
    Improper Input Validation in Web Interface
    Summary
    An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file. See SEL Service Bulletin dated 2022-11-15 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-3505 Affected: R149-V0 , < R150-V2 (custom)
    Affected: R149-V0 , < R149-V4 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3505-3 Affected: R149-V0 , < R150-V2 (custom)
    Affected: R149-V0 , < R149-V4 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530 Affected: R149-V0 , < R150-V2 (custom)
    Affected: R149-V0 , < R149-V4 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530-4 Affected: R149-V0 , < R150-V2 (custom)
    Affected: R149-V0 , < R149-V4 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3532 Affected: R149-V0 , < R150-V2 (custom)
    Affected: R149-V0 , < R149-V4 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3555 Affected: R149-V0 , < R150-V2 (custom)
    Affected: R149-V0 , < R149-V4 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560S Affected: R149-V0 , < R150-V2 (custom)
    Affected: R149-V0 , < R149-V4 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560E Affected: R149-V0 , < R150-V2 (custom)
    Affected: R149-V0 , < R149-V4 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-2241 RTAC module Affected: R149-V0 , < R150-V2 (custom)
    Affected: R149-V0 , < R149-V4 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3350 Affected: R149-V0 , < R150-V2 (custom)
    Affected: R149-V0 , < R149-V4 (custom)
    Create a notification for this product.
    Date Public
    2023-05-10 07:00
    Credits
    Andrea Palanca, Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.773Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31162",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T19:26:51.589571Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T19:26:55.712Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505-3",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530-4",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3532",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3555",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560S",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560E",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-2241 RTAC module",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3350",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca, Nozomi Networks"
            }
          ],
          "datePublic": "2023-05-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file.\u003cbr\u003e\u003cbr\u003eSee SEL Service Bulletin dated 2022-11-15 for more details."
                }
              ],
              "value": "An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file.\n\nSee SEL Service Bulletin dated 2022-11-15 for more details."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-176",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-176 Configuration/Environment Manipulation"
                }
              ]
            },
            {
              "capecId": "CAPEC-275",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-275 DNS Rebinding"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T19:24:20.480Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Input Validation in Web Interface",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31162",
        "datePublished": "2023-05-10T19:24:20.480Z",
        "dateReserved": "2023-04-24T23:19:33.136Z",
        "dateUpdated": "2025-01-24T19:26:55.712Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31160 (GCVE-0-2023-31160)

    Vulnerability from nvd – Published: 2023-05-10 19:23 – Updated: 2025-01-24 19:19
    VLAI
    Title
    Improper Neutralization of Input During Web Page Generation
    Summary
    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-3505 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3505-3 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530-4 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3532 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3555 Affected: R134-V0 , < R150-V2 (custom)
    Affected: R134-V0 , < R149-V4 (custom)
    Affected: R134-V0 , < R148-V7 (custom)
    Affected: R134-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560S Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560E Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-2241 RTAC module Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3350 Affected: R148-V0 , < R150-V2 (custom)
    Affected: R148-V0 , < R149-V4 (custom)
    Affected: R148-V0 , < R148-V7 (custom)
    Create a notification for this product.
    Date Public
    2023-05-10 07:00
    Credits
    Andrea Palanca, Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.879Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31160",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T19:19:22.925031Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T19:19:25.906Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505-3",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530-4",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3532",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3555",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560S",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560E",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-2241 RTAC module",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3350",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca, Nozomi Networks"
            }
          ],
          "datePublic": "2023-05-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T19:23:43.200Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Neutralization of Input During Web Page Generation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31160",
        "datePublished": "2023-05-10T19:23:43.200Z",
        "dateReserved": "2023-04-24T23:19:33.136Z",
        "dateUpdated": "2025-01-24T19:19:25.906Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31159 (GCVE-0-2023-31159)

    Vulnerability from nvd – Published: 2023-05-10 19:23 – Updated: 2025-01-24 19:10
    VLAI
    Title
    Improper Neutralization of Input During Web Page Generation
    Summary
    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-3505 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3505-3 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530-4 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3532 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3555 Affected: R134-V0 , < R150-V2 (custom)
    Affected: R134-V0 , < R149-V4 (custom)
    Affected: R134-V0 , < R148-V7 (custom)
    Affected: R134-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560S Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560E Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-2241 RTAC module Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3350 Affected: R148-V0 , < R150-V2 (custom)
    Affected: R148-V0 , < R149-V4 (custom)
    Affected: R148-V0 , < R148-V7 (custom)
    Create a notification for this product.
    Date Public
    2023-05-10 07:00
    Credits
    Andrea Palanca, Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.784Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31159",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T19:10:03.615553Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T19:10:07.456Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505-3",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530-4",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3532",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3555",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560S",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560E",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-2241 RTAC module",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3350",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca, Nozomi Networks"
            }
          ],
          "datePublic": "2023-05-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T19:23:29.182Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Neutralization of Input During Web Page Generation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31159",
        "datePublished": "2023-05-10T19:23:29.182Z",
        "dateReserved": "2023-04-24T23:19:33.136Z",
        "dateUpdated": "2025-01-24T19:10:07.456Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31158 (GCVE-0-2023-31158)

    Vulnerability from nvd – Published: 2023-05-10 19:23 – Updated: 2025-01-24 19:09
    VLAI
    Title
    Improper Neutralization of Input During Web Page Generation
    Summary
    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-3505 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3505-3 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530-4 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3532 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3555 Affected: R134-V0 , < R150-V2 (custom)
    Affected: R134-V0 , < R149-V4 (custom)
    Affected: R134-V0 , < R148-V7 (custom)
    Affected: R134-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560S Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560E Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-2241 RTAC module Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3350 Affected: R148-V0 , < R150-V2 (custom)
    Affected: R148-V0 , < R149-V4 (custom)
    Affected: R148-V0 , < R148-V7 (custom)
    Create a notification for this product.
    Date Public
    2023-05-10 07:00
    Credits
    Andrea Palanca, Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.809Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31158",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T19:09:44.725784Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T19:09:47.546Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505-3",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530-4",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3532",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3555",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560S",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560E",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-2241 RTAC module",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3350",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca, Nozomi Networks"
            }
          ],
          "datePublic": "2023-05-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T19:23:15.171Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Neutralization of Input During Web Page Generation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31158",
        "datePublished": "2023-05-10T19:23:15.171Z",
        "dateReserved": "2023-04-24T23:19:33.136Z",
        "dateUpdated": "2025-01-24T19:09:47.546Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31157 (GCVE-0-2023-31157)

    Vulnerability from nvd – Published: 2023-05-10 19:22 – Updated: 2025-01-24 19:09
    VLAI
    Title
    Improper Neutralization of Input During Web Page Generation
    Summary
    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-3505 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3505-3 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530-4 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3532 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3555 Affected: R134-V0 , < R150-V2 (custom)
    Affected: R134-V0 , < R149-V4 (custom)
    Affected: R134-V0 , < R148-V7 (custom)
    Affected: R134-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560S Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560E Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-2241 RTAC module Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3350 Affected: R148-V0 , < R150-V2 (custom)
    Affected: R148-V0 , < R149-V4 (custom)
    Affected: R148-V0 , < R148-V7 (custom)
    Create a notification for this product.
    Date Public
    2023-05-10 07:00
    Credits
    Andrea Palanca, Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.689Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31157",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T19:09:17.571361Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T19:09:33.094Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505-3",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530-4",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3532",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3555",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560S",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560E",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-2241 RTAC module",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3350",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca, Nozomi Networks"
            }
          ],
          "datePublic": "2023-05-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T19:22:58.877Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Neutralization of Input During Web Page Generation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31157",
        "datePublished": "2023-05-10T19:22:58.877Z",
        "dateReserved": "2023-04-24T23:19:04.959Z",
        "dateUpdated": "2025-01-24T19:09:33.094Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31156 (GCVE-0-2023-31156)

    Vulnerability from nvd – Published: 2023-05-10 19:22 – Updated: 2025-01-24 19:08
    VLAI
    Title
    Improper Neutralization of Input During Web Page Generation
    Summary
    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-3505 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3505-3 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530-4 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3532 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3555 Affected: R134-V0 , < R150-V2 (custom)
    Affected: R134-V0 , < R149-V4 (custom)
    Affected: R134-V0 , < R148-V7 (custom)
    Affected: R134-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560S Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560E Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-2241 RTAC module Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3350 Affected: R148-V0 , < R150-V2 (custom)
    Affected: R148-V0 , < R149-V4 (custom)
    Affected: R148-V0 , < R148-V7 (custom)
    Create a notification for this product.
    Date Public
    2023-05-10 07:00
    Credits
    Andrea Palanca, Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.890Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31156",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T19:08:45.763598Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T19:08:49.377Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505-3",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530-4",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3532",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3555",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560S",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560E",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-2241 RTAC module",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3350",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca, Nozomi Networks"
            }
          ],
          "datePublic": "2023-05-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T19:22:44.225Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Neutralization of Input During Web Page Generation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31156",
        "datePublished": "2023-05-10T19:22:44.225Z",
        "dateReserved": "2023-04-24T23:19:04.959Z",
        "dateUpdated": "2025-01-24T19:08:49.377Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31155 (GCVE-0-2023-31155)

    Vulnerability from nvd – Published: 2023-05-10 19:22 – Updated: 2025-01-24 19:05
    VLAI
    Title
    Improper Neutralization of Input During Web Page Generation
    Summary
    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-3505 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3505-3 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530-4 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3532 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3555 Affected: R134-V0 , < R150-V2 (custom)
    Affected: R134-V0 , < R149-V4 (custom)
    Affected: R134-V0 , < R148-V7 (custom)
    Affected: R134-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560S Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560E Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-2241 RTAC module Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3350 Affected: R148-V0 , < R150-V2 (custom)
    Affected: R148-V0 , < R149-V4 (custom)
    Affected: R148-V0 , < R148-V7 (custom)
    Create a notification for this product.
    Date Public
    2023-05-10 07:00
    Credits
    Andrea Palanca, Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.765Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31155",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T19:05:37.935719Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T19:05:41.753Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505-3",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530-4",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3532",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3555",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560S",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560E",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-2241 RTAC module",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3350",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca, Nozomi Networks"
            }
          ],
          "datePublic": "2023-05-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T19:22:32.651Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Neutralization of Input During Web Page Generation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31155",
        "datePublished": "2023-05-10T19:22:32.651Z",
        "dateReserved": "2023-04-24T23:19:04.959Z",
        "dateUpdated": "2025-01-24T19:05:41.753Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31154 (GCVE-0-2023-31154)

    Vulnerability from nvd – Published: 2023-05-10 19:22 – Updated: 2025-01-24 19:05
    VLAI
    Title
    Improper Neutralization of Input During Web Page Generation
    Summary
    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-3505 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3505-3 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530-4 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3532 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3555 Affected: R134-V0 , < R150-V2 (custom)
    Affected: R134-V0 , < R149-V4 (custom)
    Affected: R134-V0 , < R148-V7 (custom)
    Affected: R134-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560S Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560E Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-2241 RTAC module Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3350 Affected: R148-V0 , < R150-V2 (custom)
    Affected: R148-V0 , < R149-V4 (custom)
    Affected: R148-V0 , < R148-V7 (custom)
    Create a notification for this product.
    Date Public
    2023-05-10 07:00
    Credits
    Andrea Palanca, Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.675Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31154",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T19:05:17.174236Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T19:05:24.335Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505-3",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530-4",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3532",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3555",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560S",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560E",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-2241 RTAC module",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3350",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca, Nozomi Networks"
            }
          ],
          "datePublic": "2023-05-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T19:22:18.749Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Neutralization of Input During Web Page Generation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31154",
        "datePublished": "2023-05-10T19:22:18.749Z",
        "dateReserved": "2023-04-24T23:19:04.958Z",
        "dateUpdated": "2025-01-24T19:05:24.335Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31153 (GCVE-0-2023-31153)

    Vulnerability from nvd – Published: 2023-05-10 19:22 – Updated: 2025-01-24 19:05
    VLAI
    Title
    Improper Neutralization of Input During Web Page Generation
    Summary
    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-3505 Affected: R119-V0 , < R150-V2 (custom)
    Affected: R119-V0 , < R149-V4 (custom)
    Affected: R119-V0 , < R148-V7 (custom)
    Affected: R119-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3505-3 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530 Affected: R109-V0 , < R150-V2 (custom)
    Affected: R109-V0 , < R149-V4 (custom)
    Affected: R109-V0 , < R148-V7 (custom)
    Affected: R109-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530-4 Affected: R109-V0 , < R150-V2 (custom)
    Affected: R109-V0 , < R149-V4 (custom)
    Affected: R109-V0 , < R148-V7 (custom)
    Affected: R109-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3532 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3555 Affected: R134-V0 , < R150-V2 (custom)
    Affected: R134-V0 , < R149-V4 (custom)
    Affected: R134-V0 , < R148-V7 (custom)
    Affected: R134-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560S Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560E Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-2241 RTAC module Affected: R113-V0 , < R150-V2 (custom)
    Affected: R113-V0 , < R149-V4 (custom)
    Affected: R113-V0 , < R148-V7 (custom)
    Affected: R113-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3350 Affected: R148-V0 , < R150-V2 (custom)
    Affected: R148-V0 , < R149-V4 (custom)
    Affected: R148-V0 , < R148-V7 (custom)
    Create a notification for this product.
    Date Public
    2023-05-10 07:00
    Credits
    Andrea Palanca, Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.706Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31153",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T19:04:43.531419Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T19:05:05.448Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505-3",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R109-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R109-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R109-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R109-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530-4",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R109-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R109-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R109-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R109-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3532",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3555",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560S",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560E",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-2241 RTAC module",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R113-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R113-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R113-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R113-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3350",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca, Nozomi Networks"
            }
          ],
          "datePublic": "2023-05-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eSchweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/span\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/span\u003e\n\n\u003c/p\u003e"
                }
              ],
              "value": "An Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the\u00a0Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T19:22:06.307Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Neutralization of Input During Web Page Generation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31153",
        "datePublished": "2023-05-10T19:22:06.307Z",
        "dateReserved": "2023-04-24T23:19:04.958Z",
        "dateUpdated": "2025-01-24T19:05:05.448Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31152 (GCVE-0-2023-31152)

    Vulnerability from nvd – Published: 2023-05-10 19:21 – Updated: 2025-01-24 19:04
    VLAI
    Title
    Authentication Bypass Using an Alternate Path or Channel
    Summary
    An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication Bypass. See SEL Service Bulletin dated 2022-11-15 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-3505 Affected: R147-V0 , < R150-V2 (custom)
    Affected: R147-V0 , < R149-V4 (custom)
    Affected: R147-V0 , < R148-V7 (custom)
    Affected: R147-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3505-3 Affected: R147-V0 , < R150-V2 (custom)
    Affected: R147-V0 , < R149-V4 (custom)
    Affected: R147-V0 , < R148-V7 (custom)
    Affected: R147-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530 Affected: R147-V0 , < R150-V2 (custom)
    Affected: R147-V0 , < R149-V4 (custom)
    Affected: R147-V0 , < R148-V7 (custom)
    Affected: R147-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530-4 Affected: R147-V0 , < R150-V2 (custom)
    Affected: R147-V0 , < R149-V4 (custom)
    Affected: R147-V0 , < R148-V7 (custom)
    Affected: R147-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3532 Affected: R147-V0 , < R150-V2 (custom)
    Affected: R147-V0 , < R149-V4 (custom)
    Affected: R147-V0 , < R148-V7 (custom)
    Affected: R147-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3555 Affected: R147-V0 , < R150-V2 (custom)
    Affected: R147-V0 , < R149-V4 (custom)
    Affected: R147-V0 , < R148-V7 (custom)
    Affected: R147-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560S Affected: R147-V0 , < R150-V2 (custom)
    Affected: R147-V0 , < R149-V4 (custom)
    Affected: R147-V0 , < R148-V7 (custom)
    Affected: R147-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560E Affected: R147-V0 , < R150-V2 (custom)
    Affected: R147-V0 , < R149-V4 (custom)
    Affected: R147-V0 , < R148-V7 (custom)
    Affected: R147-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-2241 RTAC module Affected: R147-V0 , < R150-V2 (custom)
    Affected: R147-V0 , < R149-V4 (custom)
    Affected: R147-V0 , < R148-V7 (custom)
    Affected: R147-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3350 Affected: R148-V0 , < R150-V2 (custom)
    Affected: R148-V0 , < R149-V4 (custom)
    Affected: R148-V0 , < R148-V7 (custom)
    Create a notification for this product.
    Date Public
    2023-05-10 07:00
    Credits
    Andrea Palanca, Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.728Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31152",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T19:04:22.247927Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T19:04:25.192Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505-3",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530-4",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3532",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3555",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560S",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560E",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-2241 RTAC module",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3350",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca, Nozomi Networks"
            }
          ],
          "datePublic": "2023-05-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication Bypass. \u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/span\u003e\n\n\u003c/p\u003e"
                }
              ],
              "value": "An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication Bypass. \nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-288",
                  "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T19:21:50.029Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Authentication Bypass Using an Alternate Path or Channel",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31152",
        "datePublished": "2023-05-10T19:21:50.029Z",
        "dateReserved": "2023-04-24T23:19:04.957Z",
        "dateUpdated": "2025-01-24T19:04:25.192Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31151 (GCVE-0-2023-31151)

    Vulnerability from nvd – Published: 2023-05-10 19:21 – Updated: 2025-01-24 19:04
    VLAI
    Title
    Improper Certificate Validation
    Summary
    An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack. See SEL Service Bulletin dated 2022-11-15 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-3505 Affected: R147-V0 , < R150-V2 (custom)
    Affected: R147-V0 , < R149-V4 (custom)
    Affected: R147-V0 , < R148-V7 (custom)
    Affected: R147-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3505-3 Affected: R147-V0 , < R150-V2 (custom)
    Affected: R147-V0 , < R149-V4 (custom)
    Affected: R147-V0 , < R148-V7 (custom)
    Affected: R147-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530 Affected: R147-V0 , < R150-V2 (custom)
    Affected: R147-V0 , < R149-V4 (custom)
    Affected: R147-V0 , < R148-V7 (custom)
    Affected: R147-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530-4 Affected: R147-V0 , < R150-V2 (custom)
    Affected: R147-V0 , < R149-V4 (custom)
    Affected: R147-V0 , < R148-V7 (custom)
    Affected: R147-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3532 Affected: R147-V0 , < R150-V2 (custom)
    Affected: R147-V0 , < R149-V4 (custom)
    Affected: R147-V0 , < R148-V7 (custom)
    Affected: R147-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3555 Affected: R147-V0 , < R150-V2 (custom)
    Affected: R147-V0 , < R149-V4 (custom)
    Affected: R147-V0 , < R148-V7 (custom)
    Affected: R147-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560S Affected: R147-V0 , < R150-V2 (custom)
    Affected: R147-V0 , < R149-V4 (custom)
    Affected: R147-V0 , < R148-V7 (custom)
    Affected: R147-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560E Affected: R147-V0 , < R150-V2 (custom)
    Affected: R147-V0 , < R149-V4 (custom)
    Affected: R147-V0 , < R148-V7 (custom)
    Affected: R147-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-2241 RTAC module Affected: R147-V0 , < R150-V2 (custom)
    Affected: R147-V0 , < R149-V4 (custom)
    Affected: R147-V0 , < R148-V7 (custom)
    Affected: R147-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3350 Affected: R148-V0 , < R150-V2 (custom)
    Affected: R148-V0 , < R149-V4 (custom)
    Affected: R148-V0 , < R148-V7 (custom)
    Create a notification for this product.
    Date Public
    2023-05-10 07:00
    Credits
    Andrea Palanca, Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.853Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31151",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T19:04:00.595043Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T19:04:04.464Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505-3",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530-4",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3532",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3555",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560S",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560E",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-2241 RTAC module",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R147-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3350",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca, Nozomi Networks"
            }
          ],
          "datePublic": "2023-05-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Certificate Validation vulnerability \n\nin the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface\n\ncould allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack.\u003cbr\u003e\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "An Improper Certificate Validation vulnerability \n\nin the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface\n\ncould allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack.\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-94",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-94 Man in the Middle Attack"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T19:21:30.649Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Certificate Validation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31151",
        "datePublished": "2023-05-10T19:21:30.649Z",
        "dateReserved": "2023-04-24T23:19:04.957Z",
        "dateUpdated": "2025-01-24T19:04:04.464Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31150 (GCVE-0-2023-31150)

    Vulnerability from nvd – Published: 2023-05-10 19:21 – Updated: 2025-01-27 18:17
    VLAI
    Title
    Storing Passwords in a Recoverable Format
    Summary
    A Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker to retrieve passwords. See SEL Service Bulletin dated 2022-11-15 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-257 - Storing Passwords in a Recoverable Format
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-3505 Affected: R122-V0 , < R150-V2 (custom)
    Affected: R122-V0 , < R149-V4 (custom)
    Affected: R122-V0 , < R148-V7 (custom)
    Affected: R122-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3505-3 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530 Affected: R122-V0 , < R150-V2 (custom)
    Affected: R122-V0 , < R149-V4 (custom)
    Affected: R122-V0 , < R148-V7 (custom)
    Affected: R122-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530-4 Affected: R122-V0 , < R150-V2 (custom)
    Affected: R122-V0 , < R149-V4 (custom)
    Affected: R122-V0 , < R148-V7 (custom)
    Affected: R122-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3532 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3555 Affected: R134-V0 , < R150-V2 (custom)
    Affected: R134-V0 , < R149-V4 (custom)
    Affected: R134-V0 , < R148-V7 (custom)
    Affected: R134-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560S Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560E Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-2241 RTAC module Affected: R122-V0 , < R150-V2 (custom)
    Affected: R122-V0 , < R149-V4 (custom)
    Affected: R122-V0 , < R148-V7 (custom)
    Affected: R122-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3350 Affected: R148-V0 , < R150-V2 (custom)
    Affected: R148-V0 , < R149-V4 (custom)
    Affected: R148-V0 , < R148-V7 (custom)
    Create a notification for this product.
    Date Public
    2023-05-10 07:00
    Credits
    Andrea Palanca, Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:26.210Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31150",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-27T18:17:06.700639Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-27T18:17:15.598Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Database"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R122-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R122-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R122-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R122-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Database"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505-3",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Database"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R122-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R122-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R122-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R122-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Database"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530-4",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R122-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R122-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R122-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R122-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Database"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3532",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Database"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3555",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Database"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560S",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Database"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560E",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Database"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-2241 RTAC module",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R122-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R122-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R122-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R122-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Database"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3350",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca, Nozomi Networks"
            }
          ],
          "datePublic": "2023-05-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nA Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker to retrieve passwords.\u003cbr\u003e\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "\nA Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker to retrieve passwords.\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-50",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-50 Password Recovery Exploitation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-257",
                  "description": "CWE-257 Storing Passwords in a Recoverable Format",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T19:21:07.126Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Storing Passwords in a Recoverable Format",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31150",
        "datePublished": "2023-05-10T19:21:07.126Z",
        "dateReserved": "2023-04-24T23:19:04.957Z",
        "dateUpdated": "2025-01-27T18:17:15.598Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31149 (GCVE-0-2023-31149)

    Vulnerability from nvd – Published: 2023-05-10 19:20 – Updated: 2025-01-27 18:18
    VLAI
    Title
    Improper Input Validation in Web Interface
    Summary
    An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code. See SEL Service Bulletin dated 2022-11-15 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-3505 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3505-3 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530-4 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3532 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3555 Affected: R134-V0 , < R150-V2 (custom)
    Affected: R134-V0 , < R149-V4 (custom)
    Affected: R134-V0 , < R148-V7 (custom)
    Affected: R134-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560S Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560E Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-2241 RTAC module Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3350 Affected: R148-V0 , < R150-V2 (custom)
    Affected: R148-V0 , < R149-V4 (custom)
    Affected: R148-V0 , < R148-V7 (custom)
    Create a notification for this product.
    Date Public
    2023-05-10 07:00
    Credits
    Andrea Palanca, Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.816Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31149",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-27T18:18:11.608895Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-27T18:18:20.153Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505-3",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530-4",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3532",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3555",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560S",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560E",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-2241 RTAC module",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3350",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca, Nozomi Networks"
            }
          ],
          "datePublic": "2023-05-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nAn Improper Input Validation vulnerability \n\nin the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code.\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\n\n"
                }
              ],
              "value": "\nAn Improper Input Validation vulnerability \n\nin the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code.\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T19:20:16.373Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Input Validation in Web Interface",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31149",
        "datePublished": "2023-05-10T19:20:16.373Z",
        "dateReserved": "2023-04-24T23:19:04.956Z",
        "dateUpdated": "2025-01-27T18:18:20.153Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31148 (GCVE-0-2023-31148)

    Vulnerability from nvd – Published: 2023-05-10 19:20 – Updated: 2025-01-27 18:19
    VLAI
    Title
    Improper Input Validation in Web Interface
    Summary
    An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code. See SEL Service Bulletin dated 2022-11-15 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-3505 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3505-3 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530-4 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3532 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3555 Affected: R134-V0 , < R150-V2 (custom)
    Affected: R134-V0 , < R149-V4 (custom)
    Affected: R134-V0 , < R148-V7 (custom)
    Affected: R134-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560S Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560E Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-2241 RTAC module Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3350 Affected: R148-V0 , < R150-V2 (custom)
    Affected: R148-V0 , < R149-V4 (custom)
    Affected: R148-V0 , < R148-V7 (custom)
    Create a notification for this product.
    Date Public
    2023-05-10 07:00
    Credits
    Andrea Palanca, Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.818Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31148",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-27T18:19:00.740706Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-27T18:19:19.558Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505-3",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530-4",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3532",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3555",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560S",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560E",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-2241 RTAC module",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3350",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca, Nozomi Networks"
            }
          ],
          "datePublic": "2023-05-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Input Validation vulnerability \n\nin the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code.\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "An Improper Input Validation vulnerability \n\nin the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code.\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T19:20:03.147Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Input Validation in Web Interface",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31148",
        "datePublished": "2023-05-10T19:20:03.147Z",
        "dateReserved": "2023-04-24T23:19:04.956Z",
        "dateUpdated": "2025-01-27T18:19:19.558Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2310 (GCVE-0-2023-2310)

    Vulnerability from nvd – Published: 2023-05-10 19:18 – Updated: 2025-01-27 18:20
    VLAI
    Title
    Channel Accessible by Non-Endpoint
    Summary
    A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (MiTM) that could result in denial of service. See the ACSELERATOR RTAC SEL-5033 Software instruction manual date code 20210915 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-300 - Channel Accessible by Non-Endpoint
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-3505 Affected: R119-V0 , < R150-V2 (custom)
    Affected: R119-V0 , < R149-V4 (custom)
    Affected: R119-V0 , < R148-V7 (custom)
    Affected: R119-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories, Inc. SEL-3505-3 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530 Affected: R100-V0 , < R150-V2 (custom)
    Affected: R100-V0 , < R149-V4 (custom)
    Affected: R100-V0 , < R148-V7 (custom)
    Affected: R100-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories, Inc. SEL-3530-4 Affected: R108-V0 , < R150-V2 (custom)
    Affected: R108-V0 , < R149-V4 (custom)
    Affected: R108-V0 , < R148-V7 (custom)
    Affected: R108-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories, Inc. SEL-3532 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories, Inc. SEL-3555 Affected: R134-V0 , < R150-V2 (custom)
    Affected: R134-V0 , < R149-V4 (custom)
    Affected: R134-V0 , < R148-V7 (custom)
    Affected: R134-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories, Inc. SEL-3560S Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories, Inc. SEL-3560E Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories, Inc. SEL-2241 RTAC module Affected: R113-V0 , < R150-V2 (custom)
    Affected: R113-V0 , < R149-V4 (custom)
    Affected: R113-V0 , < R148-V7 (custom)
    Affected: R113-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories, Inc. SEL-3350 Affected: R148-V0 , < R150-V2 (custom)
    Affected: R148-V0 , < R149-V4 (custom)
    Affected: R148-V0 , < R148-V7 (custom)
    Create a notification for this product.
    Date Public
    2023-05-10 07:00
    Credits
    Adeen Ayub, Syed Ali Qasim, Irfan Ahmed, Virginia Commonwealth University
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:19:14.854Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2310",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-27T18:20:24.063475Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-27T18:20:35.192Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505-3",
              "vendor": "Schweitzer Engineering Laboratories, Inc.",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R100-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R100-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R100-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R100-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530-4",
              "vendor": "Schweitzer Engineering Laboratories, Inc.",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R108-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R108-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R108-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R108-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3532",
              "vendor": "Schweitzer Engineering Laboratories, Inc.",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3555",
              "vendor": "Schweitzer Engineering Laboratories, Inc.",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560S",
              "vendor": "Schweitzer Engineering Laboratories, Inc.",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560E",
              "vendor": "Schweitzer Engineering Laboratories, Inc.",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "SEL-2241 RTAC module",
              "vendor": "Schweitzer Engineering Laboratories, Inc.",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R113-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R113-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R113-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R113-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3350",
              "vendor": "Schweitzer Engineering Laboratories, Inc.",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Adeen Ayub, Syed Ali Qasim, Irfan Ahmed, Virginia Commonwealth University"
            }
          ],
          "datePublic": "2023-05-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (MiTM) that could result in denial of service.\u003cbr\u003e\u003cbr\u003eSee the ACSELERATOR RTAC SEL-5033 Software instruction manual date code 20210915 for more details."
                }
              ],
              "value": "A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (MiTM) that could result in denial of service.\n\nSee the ACSELERATOR RTAC SEL-5033 Software instruction manual date code 20210915 for more details."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-469",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-469 DoS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-300",
                  "description": "CWE-300 Channel Accessible by Non-Endpoint",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T19:18:43.806Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Channel Accessible by Non-Endpoint",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-2310",
        "datePublished": "2023-05-10T19:18:43.806Z",
        "dateReserved": "2023-04-26T18:25:33.932Z",
        "dateUpdated": "2025-01-27T18:20:35.192Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31166 (GCVE-0-2023-31166)

    Vulnerability from cvelistv5 – Published: 2023-05-10 19:25 – Updated: 2025-01-24 19:28
    VLAI
    Title
    Improper Limitation of a Pathname to a Restricted Directory
    Summary
    An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system. See SEL Service Bulletin dated 2022-11-15 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-3505 Affected: R126-V0 , < R150-V2 (custom)
    Affected: R126-V0 , < R149-V4 (custom)
    Affected: R126-V0 , < R148-V7 (custom)
    Affected: R126-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3505-3 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530 Affected: R126-V0 , < R150-V2 (custom)
    Affected: R126-V0 , < R149-V4 (custom)
    Affected: R126-V0 , < R148-V7 (custom)
    Affected: R126-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530-4 Affected: R126-V0 , < R150-V2 (custom)
    Affected: R126-V0 , < R149-V4 (custom)
    Affected: R126-V0 , < R148-V7 (custom)
    Affected: R126-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3532 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3555 Affected: R134-V0 , < R150-V2 (custom)
    Affected: R134-V0 , < R149-V4 (custom)
    Affected: R134-V0 , < R148-V7 (custom)
    Affected: R134-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560S Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560E Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-2241 RTAC module Affected: R126-V0 , < R150-V2 (custom)
    Affected: R126-V0 , < R149-V4 (custom)
    Affected: R126-V0 , < R148-V7 (custom)
    Affected: R126-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3350 Affected: R148-V0 , < R150-V2 (custom)
    Affected: R148-V0 , < R149-V4 (custom)
    Affected: R148-V0 , < R148-V7 (custom)
    Create a notification for this product.
    Date Public
    2023-05-10 07:00
    Credits
    Andrea Palanca, Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.866Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31166",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T19:28:10.395795Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T19:28:19.480Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505-3",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530-4",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3532",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3555",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560S",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560E",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-2241 RTAC module",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3350",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca, Nozomi Networks"
            }
          ],
          "datePublic": "2023-05-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system.\u003cbr\u003e\u003cbr\u003eSee SEL Service Bulletin dated 2022-11-15 for more details."
                }
              ],
              "value": "An Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system.\n\nSee SEL Service Bulletin dated 2022-11-15 for more details."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-643",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-643 Identify Shared Files/Directories on System"
                }
              ]
            },
            {
              "capecId": "CAPEC-176",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-176 Configuration/Environment Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T19:25:59.606Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Limitation of a Pathname to a Restricted Directory",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31166",
        "datePublished": "2023-05-10T19:25:59.606Z",
        "dateReserved": "2023-04-24T23:19:33.137Z",
        "dateUpdated": "2025-01-24T19:28:19.480Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31165 (GCVE-0-2023-31165)

    Vulnerability from cvelistv5 – Published: 2023-05-10 19:25 – Updated: 2025-01-24 19:27
    VLAI
    Title
    Improper Neutralization of Input During Web Page Generation
    Summary
    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-3505 Affected: R119-V0 , < R150-V2 (custom)
    Affected: R119-V0 , < R149-V4 (custom)
    Affected: R119-V0 , < R148-V7 (custom)
    Affected: R119-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3505-3 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530 Affected: R100-V0 , < R150-V2 (custom)
    Affected: R100-V0 , < R149-V4 (custom)
    Affected: R100-V0 , < R148-V7 (custom)
    Affected: R100-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530-4 Affected: R108-V0 , < R150-V2 (custom)
    Affected: R108-V0 , < R149-V4 (custom)
    Affected: R108-V0 , < R148-V7 (custom)
    Affected: R108-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3532 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3555 Affected: R134-V0 , < R150-V2 (custom)
    Affected: R134-V0 , < R149-V4 (custom)
    Affected: R134-V0 , < R148-V7 (custom)
    Affected: R134-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560S Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560E Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-2241 RTAC module Affected: R113-V0 , < R150-V2 (custom)
    Affected: R113-V0 , < R149-V4 (custom)
    Affected: R113-V0 , < R148-V7 (custom)
    Affected: R113-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3350 Affected: R148-V0 , < R150-V2 (custom)
    Affected: R148-V0 , < R149-V4 (custom)
    Affected: R148-V0 , < R148-V7 (custom)
    Create a notification for this product.
    Date Public
    2023-05-10 07:00
    Credits
    Andrea Palanca, Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.790Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31165",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T19:27:51.348037Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T19:27:55.295Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505-3",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R100-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R100-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R100-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R100-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530-4",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R108-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R108-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R108-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R108-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3532",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3555",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560S",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560E",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-2241 RTAC module",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R113-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R113-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R113-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R113-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3350",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca, Nozomi Networks"
            }
          ],
          "datePublic": "2023-05-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/div\u003e\u003c/div\u003e\n\n"
                }
              ],
              "value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T19:25:34.186Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Neutralization of Input During Web Page Generation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31165",
        "datePublished": "2023-05-10T19:25:34.186Z",
        "dateReserved": "2023-04-24T23:19:33.137Z",
        "dateUpdated": "2025-01-24T19:27:55.295Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31164 (GCVE-0-2023-31164)

    Vulnerability from cvelistv5 – Published: 2023-05-10 19:25 – Updated: 2025-01-24 19:27
    VLAI
    Title
    Improper Neutralization of Input During Web Page Generation
    Summary
    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-3505 Affected: R119-V0 , < R150-V2 (custom)
    Affected: R119-V0 , < R149-V4 (custom)
    Affected: R119-V0 , < R148-V7 (custom)
    Affected: R119-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3505-3 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530 Affected: R100-V0 , < R150-V2 (custom)
    Affected: R100-V0 , < R149-V4 (custom)
    Affected: R100-V0 , < R148-V7 (custom)
    Affected: R100-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530-4 Affected: R108-V0 , < R150-V2 (custom)
    Affected: R108-V0 , < R149-V4 (custom)
    Affected: R108-V0 , < R148-V7 (custom)
    Affected: R108-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3532 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3555 Affected: R134-V0 , < R150-V2 (custom)
    Affected: R134-V0 , < R149-V4 (custom)
    Affected: R134-V0 , < R148-V7 (custom)
    Affected: R134-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560S Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560E Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-2241 RTAC module Affected: R113-V0 , < R150-V2 (custom)
    Affected: R113-V0 , < R149-V4 (custom)
    Affected: R113-V0 , < R148-V7 (custom)
    Affected: R113-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3350 Affected: R148-V0 , < R150-V2 (custom)
    Affected: R148-V0 , < R149-V4 (custom)
    Affected: R148-V0 , < R148-V7 (custom)
    Create a notification for this product.
    Date Public
    2023-05-10 07:00
    Credits
    Andrea Palanca, Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.764Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31164",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T19:27:36.186170Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T19:27:38.573Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505-3",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R100-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R100-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R100-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R100-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530-4",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R108-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R108-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R108-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R108-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3532",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3555",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560S",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560E",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-2241 RTAC module",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R113-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R113-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R113-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R113-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3350",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca, Nozomi Networks"
            }
          ],
          "datePublic": "2023-05-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/div\u003e\u003c/div\u003e\n\n"
                }
              ],
              "value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T19:25:16.534Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Neutralization of Input During Web Page Generation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31164",
        "datePublished": "2023-05-10T19:25:16.534Z",
        "dateReserved": "2023-04-24T23:19:33.137Z",
        "dateUpdated": "2025-01-24T19:27:38.573Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31163 (GCVE-0-2023-31163)

    Vulnerability from cvelistv5 – Published: 2023-05-10 19:24 – Updated: 2025-01-24 19:27
    VLAI
    Title
    Improper Neutralization of Input During Web Page Generation
    Summary
    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-3505 Affected: R119-V0 , < R150-V2 (custom)
    Affected: R119-V0 , < R149-V4 (custom)
    Affected: R119-V0 , < R148-V7 (custom)
    Affected: R119-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3505-3 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530 Affected: R100-V0 , < R150-V2 (custom)
    Affected: R100-V0 , < R149-V4 (custom)
    Affected: R100-V0 , < R148-V7 (custom)
    Affected: R100-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530-4 Affected: R108-V0 , < R150-V2 (custom)
    Affected: R108-V0 , < R149-V4 (custom)
    Affected: R108-V0 , < R148-V7 (custom)
    Affected: R108-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3532 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3555 Affected: R134-V0 , < R150-V2 (custom)
    Affected: R134-V0 , < R149-V4 (custom)
    Affected: R134-V0 , < R148-V7 (custom)
    Affected: R134-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560S Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560E Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-2241 RTAC module Affected: R113-V0 , < R150-V2 (custom)
    Affected: R113-V0 , < R149-V4 (custom)
    Affected: R113-V0 , < R148-V7 (custom)
    Affected: R113-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3350 Affected: R148-V0 , < R150-V2 (custom)
    Affected: R148-V0 , < R149-V4 (custom)
    Affected: R148-V0 , < R148-V7 (custom)
    Create a notification for this product.
    Date Public
    2023-05-10 07:00
    Credits
    Andrea Palanca, Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.738Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31163",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T19:27:10.625855Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T19:27:13.760Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505-3",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R100-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R100-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R100-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R100-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530-4",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R108-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R108-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R108-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R108-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3532",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3555",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560S",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560E",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-2241 RTAC module",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R113-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R113-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R113-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R113-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3350",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca, Nozomi Networks"
            }
          ],
          "datePublic": "2023-05-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003c/div\u003e\u003c/div\u003e\n\n"
                }
              ],
              "value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T19:24:45.965Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Neutralization of Input During Web Page Generation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31163",
        "datePublished": "2023-05-10T19:24:45.965Z",
        "dateReserved": "2023-04-24T23:19:33.136Z",
        "dateUpdated": "2025-01-24T19:27:13.760Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31162 (GCVE-0-2023-31162)

    Vulnerability from cvelistv5 – Published: 2023-05-10 19:24 – Updated: 2025-01-24 19:26
    VLAI
    Title
    Improper Input Validation in Web Interface
    Summary
    An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file. See SEL Service Bulletin dated 2022-11-15 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-3505 Affected: R149-V0 , < R150-V2 (custom)
    Affected: R149-V0 , < R149-V4 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3505-3 Affected: R149-V0 , < R150-V2 (custom)
    Affected: R149-V0 , < R149-V4 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530 Affected: R149-V0 , < R150-V2 (custom)
    Affected: R149-V0 , < R149-V4 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530-4 Affected: R149-V0 , < R150-V2 (custom)
    Affected: R149-V0 , < R149-V4 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3532 Affected: R149-V0 , < R150-V2 (custom)
    Affected: R149-V0 , < R149-V4 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3555 Affected: R149-V0 , < R150-V2 (custom)
    Affected: R149-V0 , < R149-V4 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560S Affected: R149-V0 , < R150-V2 (custom)
    Affected: R149-V0 , < R149-V4 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560E Affected: R149-V0 , < R150-V2 (custom)
    Affected: R149-V0 , < R149-V4 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-2241 RTAC module Affected: R149-V0 , < R150-V2 (custom)
    Affected: R149-V0 , < R149-V4 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3350 Affected: R149-V0 , < R150-V2 (custom)
    Affected: R149-V0 , < R149-V4 (custom)
    Create a notification for this product.
    Date Public
    2023-05-10 07:00
    Credits
    Andrea Palanca, Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.773Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31162",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T19:26:51.589571Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T19:26:55.712Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505-3",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530-4",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3532",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3555",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560S",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560E",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-2241 RTAC module",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3350",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R149-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca, Nozomi Networks"
            }
          ],
          "datePublic": "2023-05-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file.\u003cbr\u003e\u003cbr\u003eSee SEL Service Bulletin dated 2022-11-15 for more details."
                }
              ],
              "value": "An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file.\n\nSee SEL Service Bulletin dated 2022-11-15 for more details."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-176",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-176 Configuration/Environment Manipulation"
                }
              ]
            },
            {
              "capecId": "CAPEC-275",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-275 DNS Rebinding"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T19:24:20.480Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Input Validation in Web Interface",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31162",
        "datePublished": "2023-05-10T19:24:20.480Z",
        "dateReserved": "2023-04-24T23:19:33.136Z",
        "dateUpdated": "2025-01-24T19:26:55.712Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31160 (GCVE-0-2023-31160)

    Vulnerability from cvelistv5 – Published: 2023-05-10 19:23 – Updated: 2025-01-24 19:19
    VLAI
    Title
    Improper Neutralization of Input During Web Page Generation
    Summary
    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-3505 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3505-3 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530-4 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3532 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3555 Affected: R134-V0 , < R150-V2 (custom)
    Affected: R134-V0 , < R149-V4 (custom)
    Affected: R134-V0 , < R148-V7 (custom)
    Affected: R134-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560S Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560E Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-2241 RTAC module Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3350 Affected: R148-V0 , < R150-V2 (custom)
    Affected: R148-V0 , < R149-V4 (custom)
    Affected: R148-V0 , < R148-V7 (custom)
    Create a notification for this product.
    Date Public
    2023-05-10 07:00
    Credits
    Andrea Palanca, Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.879Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31160",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T19:19:22.925031Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T19:19:25.906Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505-3",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530-4",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3532",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3555",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560S",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560E",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-2241 RTAC module",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3350",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca, Nozomi Networks"
            }
          ],
          "datePublic": "2023-05-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T19:23:43.200Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Neutralization of Input During Web Page Generation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31160",
        "datePublished": "2023-05-10T19:23:43.200Z",
        "dateReserved": "2023-04-24T23:19:33.136Z",
        "dateUpdated": "2025-01-24T19:19:25.906Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31159 (GCVE-0-2023-31159)

    Vulnerability from cvelistv5 – Published: 2023-05-10 19:23 – Updated: 2025-01-24 19:10
    VLAI
    Title
    Improper Neutralization of Input During Web Page Generation
    Summary
    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-3505 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3505-3 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530-4 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3532 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3555 Affected: R134-V0 , < R150-V2 (custom)
    Affected: R134-V0 , < R149-V4 (custom)
    Affected: R134-V0 , < R148-V7 (custom)
    Affected: R134-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560S Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560E Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-2241 RTAC module Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3350 Affected: R148-V0 , < R150-V2 (custom)
    Affected: R148-V0 , < R149-V4 (custom)
    Affected: R148-V0 , < R148-V7 (custom)
    Create a notification for this product.
    Date Public
    2023-05-10 07:00
    Credits
    Andrea Palanca, Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.784Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31159",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T19:10:03.615553Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T19:10:07.456Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505-3",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530-4",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3532",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3555",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560S",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560E",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-2241 RTAC module",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3350",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca, Nozomi Networks"
            }
          ],
          "datePublic": "2023-05-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T19:23:29.182Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Neutralization of Input During Web Page Generation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31159",
        "datePublished": "2023-05-10T19:23:29.182Z",
        "dateReserved": "2023-04-24T23:19:33.136Z",
        "dateUpdated": "2025-01-24T19:10:07.456Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31158 (GCVE-0-2023-31158)

    Vulnerability from cvelistv5 – Published: 2023-05-10 19:23 – Updated: 2025-01-24 19:09
    VLAI
    Title
    Improper Neutralization of Input During Web Page Generation
    Summary
    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-3505 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3505-3 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530-4 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3532 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3555 Affected: R134-V0 , < R150-V2 (custom)
    Affected: R134-V0 , < R149-V4 (custom)
    Affected: R134-V0 , < R148-V7 (custom)
    Affected: R134-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560S Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560E Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-2241 RTAC module Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3350 Affected: R148-V0 , < R150-V2 (custom)
    Affected: R148-V0 , < R149-V4 (custom)
    Affected: R148-V0 , < R148-V7 (custom)
    Create a notification for this product.
    Date Public
    2023-05-10 07:00
    Credits
    Andrea Palanca, Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.809Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31158",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T19:09:44.725784Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T19:09:47.546Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505-3",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530-4",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3532",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3555",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560S",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560E",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-2241 RTAC module",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3350",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca, Nozomi Networks"
            }
          ],
          "datePublic": "2023-05-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T19:23:15.171Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Neutralization of Input During Web Page Generation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31158",
        "datePublished": "2023-05-10T19:23:15.171Z",
        "dateReserved": "2023-04-24T23:19:33.136Z",
        "dateUpdated": "2025-01-24T19:09:47.546Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31157 (GCVE-0-2023-31157)

    Vulnerability from cvelistv5 – Published: 2023-05-10 19:22 – Updated: 2025-01-24 19:09
    VLAI
    Title
    Improper Neutralization of Input During Web Page Generation
    Summary
    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-3505 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3505-3 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530-4 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3532 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3555 Affected: R134-V0 , < R150-V2 (custom)
    Affected: R134-V0 , < R149-V4 (custom)
    Affected: R134-V0 , < R148-V7 (custom)
    Affected: R134-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560S Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560E Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-2241 RTAC module Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3350 Affected: R148-V0 , < R150-V2 (custom)
    Affected: R148-V0 , < R149-V4 (custom)
    Affected: R148-V0 , < R148-V7 (custom)
    Create a notification for this product.
    Date Public
    2023-05-10 07:00
    Credits
    Andrea Palanca, Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.689Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31157",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T19:09:17.571361Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T19:09:33.094Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505-3",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530-4",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3532",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3555",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560S",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560E",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-2241 RTAC module",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3350",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca, Nozomi Networks"
            }
          ],
          "datePublic": "2023-05-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T19:22:58.877Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Neutralization of Input During Web Page Generation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31157",
        "datePublished": "2023-05-10T19:22:58.877Z",
        "dateReserved": "2023-04-24T23:19:04.959Z",
        "dateUpdated": "2025-01-24T19:09:33.094Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31156 (GCVE-0-2023-31156)

    Vulnerability from cvelistv5 – Published: 2023-05-10 19:22 – Updated: 2025-01-24 19:08
    VLAI
    Title
    Improper Neutralization of Input During Web Page Generation
    Summary
    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-3505 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3505-3 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530-4 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3532 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3555 Affected: R134-V0 , < R150-V2 (custom)
    Affected: R134-V0 , < R149-V4 (custom)
    Affected: R134-V0 , < R148-V7 (custom)
    Affected: R134-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560S Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560E Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-2241 RTAC module Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3350 Affected: R148-V0 , < R150-V2 (custom)
    Affected: R148-V0 , < R149-V4 (custom)
    Affected: R148-V0 , < R148-V7 (custom)
    Create a notification for this product.
    Date Public
    2023-05-10 07:00
    Credits
    Andrea Palanca, Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.890Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31156",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T19:08:45.763598Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T19:08:49.377Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505-3",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530-4",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3532",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3555",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560S",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560E",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-2241 RTAC module",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3350",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca, Nozomi Networks"
            }
          ],
          "datePublic": "2023-05-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T19:22:44.225Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Neutralization of Input During Web Page Generation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31156",
        "datePublished": "2023-05-10T19:22:44.225Z",
        "dateReserved": "2023-04-24T23:19:04.959Z",
        "dateUpdated": "2025-01-24T19:08:49.377Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31155 (GCVE-0-2023-31155)

    Vulnerability from cvelistv5 – Published: 2023-05-10 19:22 – Updated: 2025-01-24 19:05
    VLAI
    Title
    Improper Neutralization of Input During Web Page Generation
    Summary
    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-3505 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3505-3 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3530-4 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3532 Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3555 Affected: R134-V0 , < R150-V2 (custom)
    Affected: R134-V0 , < R149-V4 (custom)
    Affected: R134-V0 , < R148-V7 (custom)
    Affected: R134-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560S Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3560E Affected: R144-V2 , < R150-V2 (custom)
    Affected: R144-V2 , < R149-V4 (custom)
    Affected: R144-V2 , < R148-V7 (custom)
    Affected: R144-V2 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-2241 RTAC module Affected: R132-V0 , < R150-V2 (custom)
    Affected: R132-V0 , < R149-V4 (custom)
    Affected: R132-V0 , < R148-V7 (custom)
    Affected: R132-V0 , < R147-V6 (custom)
    Create a notification for this product.
    Schweitzer Engineering Laboratories SEL-3350 Affected: R148-V0 , < R150-V2 (custom)
    Affected: R148-V0 , < R149-V4 (custom)
    Affected: R148-V0 , < R148-V7 (custom)
    Create a notification for this product.
    Date Public
    2023-05-10 07:00
    Credits
    Andrea Palanca, Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.765Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31155",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T19:05:37.935719Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T19:05:41.753Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3505-3",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3530-4",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3532",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3555",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R134-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560S",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3560E",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R144-V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-2241 RTAC module",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R147-V6",
                  "status": "affected",
                  "version": "R132-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Web management interface"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "SEL-3350",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R150-V2",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R149-V4",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R148-V7",
                  "status": "affected",
                  "version": "R148-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca, Nozomi Networks"
            }
          ],
          "datePublic": "2023-05-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cdiv\u003e\u003cdiv\u003eAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eSee SEL Service Bulletin dated 2022-11-15 for more details.\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "\nAn Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T19:22:32.651Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Neutralization of Input During Web Page Generation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31155",
        "datePublished": "2023-05-10T19:22:32.651Z",
        "dateReserved": "2023-04-24T23:19:04.959Z",
        "dateUpdated": "2025-01-24T19:05:41.753Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }