{"vulnerability": "cve-2023-3116", "sightings": [{"uuid": "ae4da3cb-b24a-45a5-8b35-e5c4f4845d78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-31169", "type": "seen", "source": "https://t.me/cibsecurity/69568", "content": "\u203c CVE-2023-31169 \u203c\n\nAn Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.See Instruction Manual Appendix A and Appendix E dated 20230615 for more details.This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-31T20:13:22.000000Z"}, {"uuid": "f57697fa-3d5f-4493-b212-7add471f7bae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-31168", "type": "seen", "source": "https://t.me/cibsecurity/69574", "content": "\u203c CVE-2023-31168 \u203c\n\nAn Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.See Instruction Manual Appendix A and Appendix E dated 20230615 for more details.This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-31T20:13:33.000000Z"}, {"uuid": "79193e34-2ec4-4d1e-b64a-3979ee8eff4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-31167", "type": "seen", "source": "https://t.me/cibsecurity/69564", "content": "\u203c CVE-2023-31167 \u203c\n\nImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Schweitzer Engineering Laboratories SEL-5036 acSELerator Bay Screen Builder Software on Windows allows Relative Path Traversal.SEL acSELerator Bay Screen Builder software is distributed by SEL-5033 SEL acSELerator RTAC, SEL-5030 Quickset, and SEL Compass. CVE-2023-31167 and was patched in the acSELerator Bay Screen Builder release available on 20230602. Please contact SEL for additional details.This issue affects SEL-5036 acSELerator Bay Screen Builder Software: before 1.0.49152.778.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-31T20:13:18.000000Z"}, {"uuid": "13b27180-1fad-4ac2-9138-74110d51fb5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-31160", "type": "seen", "source": "https://t.me/cibsecurity/63835", "content": "\u203c CVE-2023-31160 \u203c\n\nAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-11T00:14:42.000000Z"}, {"uuid": "bbe511d6-5139-439d-a7e7-5f5cedb47c10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-31165", "type": "seen", "source": "https://t.me/cibsecurity/63846", "content": "\u203c CVE-2023-31165 \u203c\n\nAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-11T00:14:59.000000Z"}, {"uuid": "4f4a52de-5d4c-4959-87b1-84c72a080586", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-31166", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3014", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-31166\n\ud83d\udd39 Description: An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system.\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\ud83d\udccf Published: 2023-05-10T19:25:59.606Z\n\ud83d\udccf Modified: 2025-01-24T19:28:19.480Z\n\ud83d\udd17 References:\n1. https://selinc.com/support/security-notifications/external-reports/\n2. https://www.nozominetworks.com/blog/", "creation_timestamp": "2025-01-24T20:04:59.000000Z"}, {"uuid": "910df9d8-68da-4abc-838b-9c6b25073c02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-31168", "type": "seen", "source": "Telegram/H3UUabEv1xs7Kg01Ip9h9p1g1MjfOWbKEpWB7-OtF_k2Ew", "content": "", "creation_timestamp": "2023-09-06T14:28:04.000000Z"}, {"uuid": "d354c5b4-ad19-40d0-86b3-2d36e6f14269", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-31168", "type": "seen", "source": "https://t.me/KomunitiSiber/749", "content": "9 Alarming Vulnerabilities Uncovered in SEL's Power Management Products\nhttps://thehackernews.com/2023/09/9-alarming-vulnerabilities-uncovered-in.html\n\nNine security flaws have been disclosed in electric power management products made by Schweitzer Engineering Laboratories (SEL).\n\u201cThe most severe of those nine vulnerabilities would allow a threat actor to facilitate remote code execution (RCE) on an engineering workstation,\u201d Nozomi Networks\u00a0said\u00a0in a report published last week.\nThe issues, tracked as CVE-2023-34392 and from CVE-2023-31168", "creation_timestamp": "2023-09-06T13:09:23.000000Z"}, {"uuid": "594695c2-f975-438e-9516-2c2e611275f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-31169", "type": "seen", "source": "https://t.me/arpsyndicate/2424", "content": "#ExploitObserverAlert\n\nCVE-2023-31169\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-31169. An Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.      See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\n\nFIRST-EPSS: 0.000460000\nNVD-IS: 3.6\nNVD-ES: 2.1", "creation_timestamp": "2024-01-04T03:58:28.000000Z"}, {"uuid": "2d95f6ad-83bc-449f-851f-d215c2b288ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-31163", "type": "seen", "source": "https://t.me/cibsecurity/63850", "content": "\u203c CVE-2023-31163 \u203c\n\nAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-11T00:15:03.000000Z"}, {"uuid": "ca9be481-941e-482a-9907-2494a8e34aad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-31162", "type": "seen", "source": "https://t.me/cibsecurity/63841", "content": "\u203c CVE-2023-31162 \u203c\n\nAn Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file.See SEL Service Bulletin dated 2022-11-15 for more details.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-11T00:14:51.000000Z"}, {"uuid": "3103c2d6-51a0-4150-81a9-cd9317addd8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-31161", "type": "seen", "source": "https://t.me/cibsecurity/63842", "content": "\u203c CVE-2023-31161 \u203c\n\nAn\u00c2\u00a0Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow an authenticated remote attacker to use internal resources, allowing a variety of potential effects.See SEL Service Bulletin dated 2022-11-15 for more details.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-11T00:14:55.000000Z"}, {"uuid": "0080fe4c-b54f-42e7-8366-194a934a9b7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-31166", "type": "seen", "source": "https://t.me/cibsecurity/63847", "content": "\u203c CVE-2023-31166 \u203c\n\nAn Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system.See SEL Service Bulletin dated 2022-11-15 for more details.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-11T00:15:00.000000Z"}, {"uuid": "7ca2c42c-85c9-4e33-9e8b-09d507d5f6b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-31164", "type": "seen", "source": "https://t.me/cibsecurity/63839", "content": "\u203c CVE-2023-31164 \u203c\n\nAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-11T00:14:49.000000Z"}]}