Lucene search
HistoryMay 10, 2023 - 8:15 p.m.
CVE-2023-31151
cve-2023-31151
schweitzer engineering laboratories
sel rtac
certificate validation
mitm attack
nvd
security bulletin
4.7 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
4.6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
35.6%
An Improper Certificate Validation vulnerability
in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface
could allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack.
See SEL Service Bulletin dated 2022-11-15 for more details.
Affected configurations
Node
selincsel-2241_rtac_module_firmwareRanger147-v0–r150-v2
selincsel-2241_rtac_moduleMatch-
Node
selincsel-3350_firmwareRanger148-v0–r150-v2
selincsel-3350Match-
Node
selincsel-3505_firmwareRanger147-v0–r150-v2
selincsel-3505Match-
Node
selincsel-3505-3_firmwareRanger147-v0–r150-v2
selincsel-3505-3Match-
Node
selincsel-3530_firmwareRanger147-v0–r150-v2
selincsel-3530Match-
Node
selincsel-3530-4_firmwareRanger147-v0–r150-v2
selincsel-3530-4Match-
Node
selincsel-3532_firmwareRanger147-v0–r150-v2
selincsel-3532Match-
Node
selincsel-3555_firmwareRanger147-v0–r150-v2
selincsel-3555Match-
Node
selincsel-3560e_firmwareRanger147-v0–r150-v2
selincsel-3560eMatch-
Node
selincsel-3560s_firmwareRanger147-v0–r150-v2
selincsel-3560sMatch-
| CPE | Name | Operator | Version |
|---|---|---|---|
| selinc:sel-2241_rtac_module_firmware | selinc sel-2241 rtac module firmware | lt | r150-v2 |
CNA Affected
[
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R147-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
]Related
prion
prion
Input validation
2023-05-10 20:15:00
nvd
nvd
CVE-2023-31151
2023-05-10 20:15:10
nessus
nessus
cvelist
cvelist
CVE-2023-31151 Improper Certificate Validation
2023-05-10 19:21:30
4.7 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
4.6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
35.6%
Related for CVE-2023-31151