Lucene search
HistoryMay 10, 2023 - 8:15 p.m.
CVE-2023-31162
cve-2023-31162
input validation
sel rtac
web interface
vulnerability
cybersecurity
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:L
4.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
49.6%
An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file.
See SEL Service Bulletin dated 2022-11-15 for more details.
Affected configurations
Node
selincsel-2241_rtac_module_firmwareRanger149-v0–r150-v2
selincsel-2241_rtac_moduleMatch-
Node
selincsel-3350_firmwareRanger149-v0–r150-v2
selincsel-3350Match-
Node
selincsel-3505_firmwareRanger149-v0–r150-v2
selincsel-3505Match-
Node
selincsel-3505-3_firmwareRanger149-v0–r150-v2
selincsel-3505-3Match-
Node
selincsel-3530_firmwareRanger149-v0–r150-v2
selincsel-3530Match-
Node
selincsel-3530-4_firmwareRanger149-v0–r150-v2
selincsel-3530-4Match-
Node
selincsel-3532_firmwareRanger149-v0–r150-v2
selincsel-3532Match-
Node
selincsel-3555_firmwareRanger149-v0–r150-v2
selincsel-3555Match-
Node
selincsel-3560e_firmwareRanger149-v0–r150-v2
selincsel-3560eMatch-
Node
selincsel-3560s_firmwareRanger149-v0–r150-v2
selincsel-3560sMatch-
| CPE | Name | Operator | Version |
|---|---|---|---|
| selinc:sel-2241_rtac_module_firmware | selinc sel-2241 rtac module firmware | lt | r150-v2 |
CNA Affected
[
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web management interface"
],
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R149-V0",
"versionType": "custom"
}
]
}
]Related
nessus
nessus
nvd
nvd
CVE-2023-31162
2023-05-10 20:15:11
prion
prion
Input validation
2023-05-10 20:15:00
cvelist
cvelist
CVE-2023-31162 Improper Input Validation in Web Interface
2023-05-10 19:24:20
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:L
4.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
49.6%
Related for CVE-2023-31162