CVE-2023-31150

Summary

A Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker to retrieve passwords. See SEL Service Bulletin dated 2022-11-15 for more details.

Affected Software

VendorProductVersion RangeStatus
Schweitzer Engineering LaboratoriesSEL-3505R122-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3505R122-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3505R122-V0 < R148-V7affected
Schweitzer Engineering LaboratoriesSEL-3505R122-V0 < R147-V6affected
Schweitzer Engineering LaboratoriesSEL-3505-3R132-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3505-3R132-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3505-3R132-V0 < R148-V7affected
Schweitzer Engineering LaboratoriesSEL-3505-3R132-V0 < R147-V6affected
Schweitzer Engineering LaboratoriesSEL-3530R122-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3530R122-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3530R122-V0 < R148-V7affected
Schweitzer Engineering LaboratoriesSEL-3530R122-V0 < R147-V6affected
Schweitzer Engineering LaboratoriesSEL-3530-4R122-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3530-4R122-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3530-4R122-V0 < R148-V7affected
Schweitzer Engineering LaboratoriesSEL-3530-4R122-V0 < R147-V6affected
Schweitzer Engineering LaboratoriesSEL-3532R132-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3532R132-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3532R132-V0 < R148-V7affected
Schweitzer Engineering LaboratoriesSEL-3532R132-V0 < R147-V6affected
Schweitzer Engineering LaboratoriesSEL-3555R134-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3555R134-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3555R134-V0 < R148-V7affected
Schweitzer Engineering LaboratoriesSEL-3555R134-V0 < R147-V6affected
Schweitzer Engineering LaboratoriesSEL-3560SR144-V2 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3560SR144-V2 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3560SR144-V2 < R148-V7affected
Schweitzer Engineering LaboratoriesSEL-3560SR144-V2 < R147-V6affected
Schweitzer Engineering LaboratoriesSEL-3560ER144-V2 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3560ER144-V2 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3560ER144-V2 < R148-V7affected
Schweitzer Engineering LaboratoriesSEL-3560ER144-V2 < R147-V6affected
Schweitzer Engineering LaboratoriesSEL-2241 RTAC moduleR122-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-2241 RTAC moduleR122-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-2241 RTAC moduleR122-V0 < R148-V7affected
Schweitzer Engineering LaboratoriesSEL-2241 RTAC moduleR122-V0 < R147-V6affected
Schweitzer Engineering LaboratoriesSEL-3350R148-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3350R148-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3350R148-V0 < R148-V7affected

Weaknesses

  • CWE-257: CWE-257 Storing Passwords in a Recoverable Format

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References