Authentication Bypass Using an Alternate Path or Channel
CVE-2023-31152

4 MEDIUM

Key Information:

Vendor
CVE Published: 10 May 2023

Summary

An Authentication Bypass vulnerability exists in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface. This flaw allows unauthorized users to bypass authentication mechanisms, presenting a significant security risk. System administrators should refer to the SEL Service Bulletin published on November 15, 2022, for detailed information on this vulnerability and recommended mitigation strategies. Ensuring robust security configurations and timely updates is crucial to protect against potential exploitation.

Affected Version(s)

SEL-2241 RTAC module Linux R147-V0

CVSS V3.1

Score: 4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Andrea Palanca, Nozomi Networks