Improper Input Validation in Web Interface
CVE-2023-31161

5.9MEDIUM

Key Information:

Vendor: Schweitzer Engineering Laboratories
Status: Sel-3532; Sel-3555; Sel-3560s; Sel-3560e
Vendor: CVE Published:; 10 May 2023

What is CVE-2023-31161?

An improper input validation vulnerability exists in the web interface of the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC). This flaw allows authenticated remote attackers to exploit internal resources, potentially leading to unauthorized access and control over system functions. Users are advised to review the SEL Service Bulletin dated November 15, 2022, for additional details and remediation steps.

Affected Version(s)

SEL-3350 Linux R148-V0

References

https://selinc.com/support/security-notifications/externa...

https://www.nozominetworks.com/blog/

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 10, 2023
Vulnerability Reserved
Apr 24, 2023

Credit

Andrea Palanca, Nozomi Networks