CVE-2023-31149

Summary

An Improper Input Validation vulnerability

in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code. See SEL Service Bulletin dated 2022-11-15 for more details.

Affected Software

VendorProductVersion RangeStatus
Schweitzer Engineering LaboratoriesSEL-3505R132-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3505R132-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3505R132-V0 < R148-V7affected
Schweitzer Engineering LaboratoriesSEL-3505R132-V0 < R147-V6affected
Schweitzer Engineering LaboratoriesSEL-3505-3R132-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3505-3R132-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3505-3R132-V0 < R148-V7affected
Schweitzer Engineering LaboratoriesSEL-3505-3R132-V0 < R147-V6affected
Schweitzer Engineering LaboratoriesSEL-3530R132-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3530R132-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3530R132-V0 < R148-V7affected
Schweitzer Engineering LaboratoriesSEL-3530R132-V0 < R147-V6affected
Schweitzer Engineering LaboratoriesSEL-3530-4R132-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3530-4R132-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3530-4R132-V0 < R148-V7affected
Schweitzer Engineering LaboratoriesSEL-3530-4R132-V0 < R147-V6affected
Schweitzer Engineering LaboratoriesSEL-3532R132-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3532R132-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3532R132-V0 < R148-V7affected
Schweitzer Engineering LaboratoriesSEL-3532R132-V0 < R147-V6affected
Schweitzer Engineering LaboratoriesSEL-3555R134-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3555R134-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3555R134-V0 < R148-V7affected
Schweitzer Engineering LaboratoriesSEL-3555R134-V0 < R147-V6affected
Schweitzer Engineering LaboratoriesSEL-3560SR144-V2 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3560SR144-V2 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3560SR144-V2 < R148-V7affected
Schweitzer Engineering LaboratoriesSEL-3560SR144-V2 < R147-V6affected
Schweitzer Engineering LaboratoriesSEL-3560ER144-V2 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3560ER144-V2 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3560ER144-V2 < R148-V7affected
Schweitzer Engineering LaboratoriesSEL-3560ER144-V2 < R147-V6affected
Schweitzer Engineering LaboratoriesSEL-2241 RTAC moduleR132-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-2241 RTAC moduleR132-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-2241 RTAC moduleR132-V0 < R148-V7affected
Schweitzer Engineering LaboratoriesSEL-2241 RTAC moduleR132-V0 < R147-V6affected
Schweitzer Engineering LaboratoriesSEL-3350R148-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3350R148-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3350R148-V0 < R148-V7affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References