Improper Input Validation in Web Interface
CVE-2023-31149

9.1CRITICAL

Key Information:

Vendor: Schweitzer Engineering Laboratories
Status: Sel-3505; Sel-3505-3; Sel-3530; Sel-3530-4
Vendor: CVE Published:; 10 May 2023

🔔 Create Schweitzer Engineering Laboratories Vulnerability Alert

What is CVE-2023-31149?

An Improper Input Validation vulnerability exists in the SEL Real-Time Automation Controller's Web Interface. This weakness could enable a remote authenticated attacker to execute arbitrary code, leading to potential unauthorized access and control over the affected system. Users are strongly advised to review the security bulletin issued by SEL for detailed mitigation strategies.

Affected Version(s)

SEL-2241 RTAC module Linux R132-V0

References

https://selinc.com/support/security-notifications/externa...

https://www.nozominetworks.com/blog/

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 10, 2023
Vulnerability Reserved
Apr 24, 2023

Credit

Andrea Palanca, Nozomi Networks