Storing Passwords in a Recoverable Format
CVE-2023-31150

8HIGH

Key Information:

Vendor: Schweitzer Engineering Laboratories
Status: Sel-3505; Sel-3505-3; Sel-3530; Sel-3530-4
Vendor: CVE Published:; 10 May 2023

🔔 Create Schweitzer Engineering Laboratories Vulnerability Alert

What is CVE-2023-31150?

A vulnerability has been identified in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system, which involves the insecure storage of passwords in a format that is recoverable by authenticated attackers. This flaw poses a significant security risk, as it can potentially allow unauthorized access to sensitive information and control over automated systems. The issue is documented in SEL Service Bulletin dated November 15, 2022. Organizations using SEL RTAC should review their password storage practices to mitigate this risk.

Affected Version(s)

SEL-2241 RTAC module Linux R122-V0

References

https://selinc.com/support/security-notifications/externa...

https://www.nozominetworks.com/blog/

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 10, 2023
Vulnerability Reserved
Apr 24, 2023

Credit

Andrea Palanca, Nozomi Networks