CVE-2023-31156 - OpenCVE

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Selinc	Sel-3530 Sel-3555 Firmware Sel-3505-3 Sel-2241 Rtac Module Sel-3350 Firmware Sel-3560e Firmware Sel-2241 Rtac Module Firmware Sel-3530 Firmware Sel-3530-4 Sel-3505-3 Firmware Sel-3560e Sel-3532 Firmware Sel-3505 Sel-3532 Sel-3350 Sel-3505 Firmware Sel-3555 Sel-3560s Sel-3560s Firmware Sel-3530-4 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:selinc:sel-2241_rtac_module_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:selinc:sel-2241_rtac_module:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:selinc:sel-3350_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:selinc:sel-3350:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:selinc:sel-3505_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:selinc:sel-3505:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:selinc:sel-3505-3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:selinc:sel-3505-3:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:selinc:sel-3530_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:selinc:sel-3530:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:selinc:sel-3530-4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:selinc:sel-3530-4:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:selinc:sel-3532_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:selinc:sel-3532:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:selinc:sel-3555_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:selinc:sel-3555:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:selinc:sel-3560e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:selinc:sel-3560e:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:selinc:sel-3560s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:selinc:sel-3560s:-:*:*:*:*:*:*:*

References

Link	Resource
https://selinc.com/support/security-notifications/external-reports/	Vendor Advisory
https://www.nozominetworks.com/blog/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: SEL

Published: 2023-05-10T19:22:44.225Z

Updated: 2023-05-10T19:22:44.225Z

Reserved: 2023-04-24T23:19:04.959Z

Link: CVE-2023-31156

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-05-10T20:15:10.633

Modified: 2023-05-17T17:47:55.157

Link: CVE-2023-31156

JSON object: View

Redhat Information

No data.

CWE

CWE-79