CVE-2023-31148
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
10/05/2023
Last modified:
17/05/2023
Description
An Improper Input Validation vulnerability <br />
<br />
in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code.<br />
See SEL Service Bulletin dated 2022-11-15 for more details.<br />
<br />
<br />
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:selinc:sel-2241_rtac_module_firmware:*:*:*:*:*:*:*:* | r132-v0 (including) | r150-v2 (excluding) |
| cpe:2.3:h:selinc:sel-2241_rtac_module:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:selinc:sel-3350_firmware:*:*:*:*:*:*:*:* | r148-v0 (including) | r150-v2 (excluding) |
| cpe:2.3:h:selinc:sel-3350:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:selinc:sel-3505_firmware:*:*:*:*:*:*:*:* | r132-v0 (including) | r150-v2 (excluding) |
| cpe:2.3:h:selinc:sel-3505:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:selinc:sel-3505-3_firmware:*:*:*:*:*:*:*:* | r132-v0 (including) | r150-v2 (excluding) |
| cpe:2.3:h:selinc:sel-3505-3:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:selinc:sel-3530_firmware:*:*:*:*:*:*:*:* | r132-v0 (including) | r150-v2 (excluding) |
| cpe:2.3:h:selinc:sel-3530:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:selinc:sel-3530-4_firmware:*:*:*:*:*:*:*:* | r132-v0 (including) | r150-v2 (excluding) |
| cpe:2.3:h:selinc:sel-3530-4:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:selinc:sel-3532_firmware:*:*:*:*:*:*:*:* | r132-v0 (including) | r150-v2 (excluding) |
| cpe:2.3:h:selinc:sel-3532:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:selinc:sel-3555_firmware:*:*:*:*:*:*:*:* | r134-v0 (including) | r150-v2 (excluding) |
To consult the complete list of CPE names with products and versions, see this page