CVE-2023-31161

Summary

An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow an authenticated remote attacker to use internal resources, allowing a variety of potential effects.

See SEL Service Bulletin dated 2022-11-15 for more details.

Affected Software

VendorProductVersion RangeStatus
Schweitzer Engineering LaboratoriesSEL-3532R143-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3532R143-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3532R143-V0 < R148-V7affected
Schweitzer Engineering LaboratoriesSEL-3532R143-V0 < R147-V6affected
Schweitzer Engineering LaboratoriesSEL-3555R143-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3555R143-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3555R143-V0 < R148-V7affected
Schweitzer Engineering LaboratoriesSEL-3555R143-V0 < R147-V6affected
Schweitzer Engineering LaboratoriesSEL-3560SR144-V2 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3560SR144-V2 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3560SR144-V2 < R148-V7affected
Schweitzer Engineering LaboratoriesSEL-3560SR144-V2 < R147-V6affected
Schweitzer Engineering LaboratoriesSEL-3560ER144-V2 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3560ER144-V2 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3560ER144-V2 < R148-V7affected
Schweitzer Engineering LaboratoriesSEL-3560ER144-V2 < R147-V6affected
Schweitzer Engineering LaboratoriesSEL-3350R148-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3350R148-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3350R148-V0 < R148-V7affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References