Authentication Bypass Using an Alternate Path or Channel
CVE-2023-31152

4MEDIUM

Key Information:

Vendor: Schweitzer Engineering Laboratories
Status: Sel-3505; Sel-3505-3; Sel-3530; Sel-3530-4
Vendor: CVE Published:; 10 May 2023

🔔 Create Schweitzer Engineering Laboratories Vulnerability Alert

What is CVE-2023-31152?

An Authentication Bypass vulnerability exists in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface. This flaw allows unauthorized users to bypass authentication mechanisms, presenting a significant security risk. System administrators should refer to the SEL Service Bulletin published on November 15, 2022, for detailed information on this vulnerability and recommended mitigation strategies. Ensuring robust security configurations and timely updates is crucial to protect against potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SEL-2241 RTAC module Linux R147-V0

References

https://selinc.com/support/security-notifications/externa...

https://www.nozominetworks.com/blog/

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 10, 2023
Vulnerability Reserved
Apr 24, 2023

Credit

Andrea Palanca, Nozomi Networks

JSON

Schweitzer Engineering Laboratories