Improper Input Validation in Web Interface
CVE-2023-31149

9.1CRITICAL

Key Information:

Vendor
Schweitzer Engineering Laboratories
Status
Sel-3505
Sel-3505-3
Sel-3530
Sel-3530-4
Vendor
CVE Published:
10 May 2023

Summary

An Improper Input Validation vulnerability exists in the SEL Real-Time Automation Controller's Web Interface. This weakness could enable a remote authenticated attacker to execute arbitrary code, leading to potential unauthorized access and control over the affected system. Users are strongly advised to review the security bulletin issued by SEL for detailed mitigation strategies.

Affected Version(s)

SEL-2241 RTAC module Linux R132-V0

SEL-2241 RTAC module Linux R132-V0

SEL-2241 RTAC module Linux R132-V0

References

https://selinc.com/support/security-notifications/externa...
https://www.nozominetworks.com/blog/

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Andrea Palanca, Nozomi Networks
.