CVE-2023-2310

Summary

A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (MiTM) that could result in denial of service.

See the ACSELERATOR RTAC SEL-5033 Software instruction manual date code 20210915 for more details.

Affected Software

VendorProductVersion RangeStatus
Schweitzer Engineering LaboratoriesSEL-3505R119-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3505R119-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3505R119-V0 < R148-V7affected
Schweitzer Engineering LaboratoriesSEL-3505R119-V0 < R147-V6affected
Schweitzer Engineering Laboratories, Inc.SEL-3505-3R132-V0 < R150-V2affected
Schweitzer Engineering Laboratories, Inc.SEL-3505-3R132-V0 < R149-V4affected
Schweitzer Engineering Laboratories, Inc.SEL-3505-3R132-V0 < R148-V7affected
Schweitzer Engineering Laboratories, Inc.SEL-3505-3R132-V0 < R147-V6affected
Schweitzer Engineering LaboratoriesSEL-3530R100-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3530R100-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3530R100-V0 < R148-V7affected
Schweitzer Engineering LaboratoriesSEL-3530R100-V0 < R147-V6affected
Schweitzer Engineering Laboratories, Inc.SEL-3530-4R108-V0 < R150-V2affected
Schweitzer Engineering Laboratories, Inc.SEL-3530-4R108-V0 < R149-V4affected
Schweitzer Engineering Laboratories, Inc.SEL-3530-4R108-V0 < R148-V7affected
Schweitzer Engineering Laboratories, Inc.SEL-3530-4R108-V0 < R147-V6affected
Schweitzer Engineering Laboratories, Inc.SEL-3532R132-V0 < R150-V2affected
Schweitzer Engineering Laboratories, Inc.SEL-3532R132-V0 < R149-V4affected
Schweitzer Engineering Laboratories, Inc.SEL-3532R132-V0 < R148-V7affected
Schweitzer Engineering Laboratories, Inc.SEL-3532R132-V0 < R147-V6affected
Schweitzer Engineering Laboratories, Inc.SEL-3555R134-V0 < R150-V2affected
Schweitzer Engineering Laboratories, Inc.SEL-3555R134-V0 < R149-V4affected
Schweitzer Engineering Laboratories, Inc.SEL-3555R134-V0 < R148-V7affected
Schweitzer Engineering Laboratories, Inc.SEL-3555R134-V0 < R147-V6affected
Schweitzer Engineering Laboratories, Inc.SEL-3560SR144-V2 < R150-V2affected
Schweitzer Engineering Laboratories, Inc.SEL-3560SR144-V2 < R149-V4affected
Schweitzer Engineering Laboratories, Inc.SEL-3560SR144-V2 < R148-V7affected
Schweitzer Engineering Laboratories, Inc.SEL-3560SR144-V2 < R147-V6affected
Schweitzer Engineering Laboratories, Inc.SEL-3560ER144-V2 < R150-V2affected
Schweitzer Engineering Laboratories, Inc.SEL-3560ER144-V2 < R149-V4affected
Schweitzer Engineering Laboratories, Inc.SEL-3560ER144-V2 < R148-V7affected
Schweitzer Engineering Laboratories, Inc.SEL-3560ER144-V2 < R147-V6affected
Schweitzer Engineering Laboratories, Inc.SEL-2241 RTAC moduleR113-V0 < R150-V2affected
Schweitzer Engineering Laboratories, Inc.SEL-2241 RTAC moduleR113-V0 < R149-V4affected
Schweitzer Engineering Laboratories, Inc.SEL-2241 RTAC moduleR113-V0 < R148-V7affected
Schweitzer Engineering Laboratories, Inc.SEL-2241 RTAC moduleR113-V0 < R147-V6affected
Schweitzer Engineering Laboratories, Inc.SEL-3350R148-V0 < R150-V2affected
Schweitzer Engineering Laboratories, Inc.SEL-3350R148-V0 < R149-V4affected
Schweitzer Engineering Laboratories, Inc.SEL-3350R148-V0 < R148-V7affected

Weaknesses

  • CWE-300: CWE-300 Channel Accessible by Non-Endpoint

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References