CVE-2023-31152

Summary

An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication Bypass. See SEL Service Bulletin dated 2022-11-15 for more details.

Affected Software

VendorProductVersion RangeStatus
Schweitzer Engineering LaboratoriesSEL-3505R147-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3505R147-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3505R147-V0 < R148-V7affected
Schweitzer Engineering LaboratoriesSEL-3505R147-V0 < R147-V6affected
Schweitzer Engineering LaboratoriesSEL-3505-3R147-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3505-3R147-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3505-3R147-V0 < R148-V7affected
Schweitzer Engineering LaboratoriesSEL-3505-3R147-V0 < R147-V6affected
Schweitzer Engineering LaboratoriesSEL-3530R147-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3530R147-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3530R147-V0 < R148-V7affected
Schweitzer Engineering LaboratoriesSEL-3530R147-V0 < R147-V6affected
Schweitzer Engineering LaboratoriesSEL-3530-4R147-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3530-4R147-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3530-4R147-V0 < R148-V7affected
Schweitzer Engineering LaboratoriesSEL-3530-4R147-V0 < R147-V6affected
Schweitzer Engineering LaboratoriesSEL-3532R147-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3532R147-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3532R147-V0 < R148-V7affected
Schweitzer Engineering LaboratoriesSEL-3532R147-V0 < R147-V6affected
Schweitzer Engineering LaboratoriesSEL-3555R147-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3555R147-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3555R147-V0 < R148-V7affected
Schweitzer Engineering LaboratoriesSEL-3555R147-V0 < R147-V6affected
Schweitzer Engineering LaboratoriesSEL-3560SR147-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3560SR147-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3560SR147-V0 < R148-V7affected
Schweitzer Engineering LaboratoriesSEL-3560SR147-V0 < R147-V6affected
Schweitzer Engineering LaboratoriesSEL-3560ER147-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3560ER147-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3560ER147-V0 < R148-V7affected
Schweitzer Engineering LaboratoriesSEL-3560ER147-V0 < R147-V6affected
Schweitzer Engineering LaboratoriesSEL-2241 RTAC moduleR147-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-2241 RTAC moduleR147-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-2241 RTAC moduleR147-V0 < R148-V7affected
Schweitzer Engineering LaboratoriesSEL-2241 RTAC moduleR147-V0 < R147-V6affected
Schweitzer Engineering LaboratoriesSEL-3350R148-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3350R148-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3350R148-V0 < R148-V7affected

Weaknesses

  • CWE-288: CWE-288 Authentication Bypass Using an Alternate Path or Channel

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References