Storing Passwords in a Recoverable Format
CVE-2023-31150

8 HIGH

Key Information:

Vendor
CVE Published: 10 May 2023

Summary

A vulnerability has been identified in the database system of the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC): passwords are stored in a format that authenticated attackers can recover. This flaw poses a significant security risk, as it can potentially allow unauthorized access to sensitive information and control over automated systems. The issue is documented in the SEL Service Bulletin dated November 15, 2022. Organizations using SEL RTAC should review their password storage practices to mitigate this risk.

Affected Version(s)

SEL-2241 RTAC module Linux R122-V0

CVSS V3.1

Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Andrea Palanca, Nozomi Networks