CVE-2023-31162

Summary

An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file.

See SEL Service Bulletin dated 2022-11-15 for more details.

Affected Software

VendorProductVersion RangeStatus
Schweitzer Engineering LaboratoriesSEL-3505R149-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3505R149-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3505-3R149-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3505-3R149-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3530R149-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3530R149-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3530-4R149-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3530-4R149-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3532R149-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3532R149-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3555R149-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3555R149-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3560SR149-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3560SR149-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3560ER149-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3560ER149-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-2241 RTAC moduleR149-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-2241 RTAC moduleR149-V0 < R149-V4affected
Schweitzer Engineering LaboratoriesSEL-3350R149-V0 < R150-V2affected
Schweitzer Engineering LaboratoriesSEL-3350R149-V0 < R149-V4affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References