CVE-2023-31160 - Vulnerability Details - OpenCVE

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.

See SEL Service Bulletin dated 2022-11-15 for more details.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00101.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Schweitzer Engineering Laboratories

SEL-3505

unaffected

Version	Status	Constraints
`R132-V0`	affected	< R150-V2
`R132-V0`	affected	< R149-V4
`R132-V0`	affected	< R148-V7
`R132-V0`	affected	< R147-V6

Schweitzer Engineering Laboratories

SEL-3505-3

unaffected

Version	Status	Constraints
`R132-V0`	affected	< R150-V2
`R132-V0`	affected	< R149-V4
`R132-V0`	affected	< R148-V7
`R132-V0`	affected	< R147-V6

Schweitzer Engineering Laboratories

SEL-3530

unaffected

Version	Status	Constraints
`R132-V0`	affected	< R150-V2
`R132-V0`	affected	< R149-V4
`R132-V0`	affected	< R148-V7
`R132-V0`	affected	< R147-V6

Schweitzer Engineering Laboratories

SEL-3530-4

unaffected

Version	Status	Constraints
`R132-V0`	affected	< R150-V2
`R132-V0`	affected	< R149-V4
`R132-V0`	affected	< R148-V7
`R132-V0`	affected	< R147-V6

Schweitzer Engineering Laboratories

SEL-3532

unaffected

Version	Status	Constraints
`R132-V0`	affected	< R150-V2
`R132-V0`	affected	< R149-V4
`R132-V0`	affected	< R148-V7
`R132-V0`	affected	< R147-V6

Schweitzer Engineering Laboratories

SEL-3555

unaffected

Version	Status	Constraints
`R134-V0`	affected	< R150-V2
`R134-V0`	affected	< R149-V4
`R134-V0`	affected	< R148-V7
`R134-V0`	affected	< R147-V6

Schweitzer Engineering Laboratories

SEL-3560S

unaffected

Version	Status	Constraints
`R144-V2`	affected	< R150-V2
`R144-V2`	affected	< R149-V4
`R144-V2`	affected	< R148-V7
`R144-V2`	affected	< R147-V6

Schweitzer Engineering Laboratories

SEL-3560E

unaffected

Version	Status	Constraints
`R144-V2`	affected	< R150-V2
`R144-V2`	affected	< R149-V4
`R144-V2`	affected	< R148-V7
`R144-V2`	affected	< R147-V6

Schweitzer Engineering Laboratories

SEL-2241 RTAC module

unaffected

Version	Status	Constraints
`R132-V0`	affected	< R150-V2
`R132-V0`	affected	< R149-V4
`R132-V0`	affected	< R148-V7
`R132-V0`	affected	< R147-V6

Schweitzer Engineering Laboratories

SEL-3350

unaffected

Version	Status	Constraints
`R148-V0`	affected	< R150-V2
`R148-V0`	affected	< R149-V4
`R148-V0`	affected	< R148-V7

Configuration 1 [-]

AND

cpe:2.3:o:selinc:sel-2241_rtac_module_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:selinc:sel-2241_rtac_module:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:selinc:sel-3350_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:selinc:sel-3350:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:selinc:sel-3505_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:selinc:sel-3505:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:selinc:sel-3505-3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:selinc:sel-3505-3:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:selinc:sel-3530_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:selinc:sel-3530:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:selinc:sel-3530-4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:selinc:sel-3530-4:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:selinc:sel-3532_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:selinc:sel-3532:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:selinc:sel-3555_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:selinc:sel-3555:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:selinc:sel-3560e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:selinc:sel-3560e:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:selinc:sel-3560s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:selinc:sel-3560s:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors	Products
Selinc Subscribe	Sel-2241 Rtac Module Subscribe Sel-2241 Rtac Module Firmware Subscribe Sel-3350 Subscribe Sel-3350 Firmware Subscribe Sel-3505 Subscribe Sel-3505-3 Subscribe Sel-3505-3 Firmware Subscribe Sel-3505 Firmware Subscribe Sel-3530 Subscribe Sel-3530-4 Subscribe Sel-3530-4 Firmware Subscribe Sel-3530 Firmware Subscribe Sel-3532 Subscribe Sel-3532 Firmware Subscribe Sel-3555 Subscribe Sel-3555 Firmware Subscribe Sel-3560e Subscribe Sel-3560e Firmware Subscribe Sel-3560s Subscribe Sel-3560s Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2023-35476	An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://selinc.com/support/security-notifications/external-reports/
https://www.nozominetworks.com/blog/

History

Fri, 24 Jan 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: SEL

Published: 2023-05-10T19:23:43.200Z

Updated: 2025-01-24T19:19:25.906Z

Reserved: 2023-04-24T23:19:33.136Z

Link: CVE-2023-31160

Vulnrichment

Updated: 2024-08-02T14:45:25.879Z

NVD

Status : Modified

Published: 2023-05-10T20:15:11.003

Modified: 2024-11-21T08:01:31.530

Link: CVE-2023-31160

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-79

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-31160", "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699", "state": "PUBLISHED", "assignerShortName": "SEL", "dateReserved": "2023-04-24T23:19:33.136Z", "datePublished": "2023-05-10T19:23:43.200Z", "dateUpdated": "2025-01-24T19:19:25.906Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Web management interface"], "platforms": ["Linux"], "product": "SEL-3505", "vendor": "Schweitzer Engineering Laboratories", "versions": [{"lessThan": "R150-V2", "status": "affected", "version": "R132-V0", "versionType": "custom"}, {"lessThan": "R149-V4", "status": "affected", "version": "R132-V0", "versionType": "custom"}, {"lessThan": "R148-V7", "status": "affected", "version": "R132-V0", "versionType": "custom"}, {"lessThan": "R147-V6", "status": "affected", "version": "R132-V0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["Web management interface"], "platforms": ["Linux"], "product": "SEL-3505-3", "vendor": "Schweitzer Engineering Laboratories", "versions": [{"lessThan": "R150-V2", "status": "affected", "version": "R132-V0", "versionType": "custom"}, {"lessThan": "R149-V4", "status": "affected", "version": "R132-V0", "versionType": "custom"}, {"lessThan": "R148-V7", "status": "affected", "version": "R132-V0", "versionType": "custom"}, {"lessThan": "R147-V6", "status": "affected", "version": "R132-V0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["Web management interface"], "platforms": ["Linux"], "product": "SEL-3530", "vendor": "Schweitzer Engineering Laboratories", "versions": [{"lessThan": "R150-V2", "status": "affected", "version": "R132-V0", "versionType": "custom"}, {"lessThan": "R149-V4", "status": "affected", "version": "R132-V0", "versionType": "custom"}, {"lessThan": "R148-V7", "status": "affected", "version": "R132-V0", "versionType": "custom"}, {"lessThan": "R147-V6", "status": "affected", "version": "R132-V0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["Web management interface"], "platforms": ["Linux"], "product": "SEL-3530-4", "vendor": "Schweitzer Engineering Laboratories", "versions": [{"lessThan": "R150-V2", "status": "affected", "version": "R132-V0", "versionType": "custom"}, {"lessThan": "R149-V4", "status": "affected", "version": "R132-V0", "versionType": "custom"}, {"lessThan": "R148-V7", "status": "affected", "version": "R132-V0", "versionType": "custom"}, {"lessThan": "R147-V6", "status": "affected", "version": "R132-V0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["Web management interface"], "platforms": ["Linux"], "product": "SEL-3532", "vendor": "Schweitzer Engineering Laboratories", "versions": [{"lessThan": "R150-V2", "status": "affected", "version": "R132-V0", "versionType": "custom"}, {"lessThan": "R149-V4", "status": "affected", "version": "R132-V0", "versionType": "custom"}, {"lessThan": "R148-V7", "status": "affected", "version": "R132-V0", "versionType": "custom"}, {"lessThan": "R147-V6", "status": "affected", "version": "R132-V0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["Web management interface"], "platforms": ["Linux"], "product": "SEL-3555", "vendor": "Schweitzer Engineering Laboratories", "versions": [{"lessThan": "R150-V2", "status": "affected", "version": "R134-V0", "versionType": "custom"}, {"lessThan": "R149-V4", "status": "affected", "version": "R134-V0", "versionType": "custom"}, {"lessThan": "R148-V7", "status": "affected", "version": "R134-V0", "versionType": "custom"}, {"lessThan": "R147-V6", "status": "affected", "version": "R134-V0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["Web management interface"], "platforms": ["Linux"], "product": "SEL-3560S", "vendor": "Schweitzer Engineering Laboratories", "versions": [{"lessThan": "R150-V2", "status": "affected", "version": "R144-V2", "versionType": "custom"}, {"lessThan": "R149-V4", "status": "affected", "version": "R144-V2", "versionType": "custom"}, {"lessThan": "R148-V7", "status": "affected", "version": "R144-V2", "versionType": "custom"}, {"lessThan": "R147-V6", "status": "affected", "version": "R144-V2", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["Web management interface"], "platforms": ["Linux"], "product": "SEL-3560E", "vendor": "Schweitzer Engineering Laboratories", "versions": [{"lessThan": "R150-V2", "status": "affected", "version": "R144-V2", "versionType": "custom"}, {"lessThan": "R149-V4", "status": "affected", "version": "R144-V2", "versionType": "custom"}, {"lessThan": "R148-V7", "status": "affected", "version": "R144-V2", "versionType": "custom"}, {"lessThan": "R147-V6", "status": "affected", "version": "R144-V2", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["Web management interface"], "platforms": ["Linux"], "product": "SEL-2241 RTAC module", "vendor": "Schweitzer Engineering Laboratories", "versions": [{"lessThan": "R150-V2", "status": "affected", "version": "R132-V0", "versionType": "custom"}, {"lessThan": "R149-V4", "status": "affected", "version": "R132-V0", "versionType": "custom"}, {"lessThan": "R148-V7", "status": "affected", "version": "R132-V0", "versionType": "custom"}, {"lessThan": "R147-V6", "status": "affected", "version": "R132-V0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["Web management interface"], "platforms": ["Linux"], "product": "SEL-3350", "vendor": "Schweitzer Engineering Laboratories", "versions": [{"lessThan": "R150-V2", "status": "affected", "version": "R148-V0", "versionType": "custom"}, {"lessThan": "R149-V4", "status": "affected", "version": "R148-V0", "versionType": "custom"}, {"lessThan": "R148-V7", "status": "affected", "version": "R148-V0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Andrea Palanca, Nozomi Networks"}], "datePublic": "2023-05-10T07:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<div><div>An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.</div></div>\n\n<p>See SEL Service Bulletin dated 2022-11-15 for more details.<br></p>"}], "value": "\nAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "5804bb70-792c-43e0-8596-486cc0efe699", "shortName": "SEL", "dateUpdated": "2023-05-10T19:23:43.200Z"}, "references": [{"url": "https://selinc.com/support/security-notifications/external-reports/"}, {"url": "https://www.nozominetworks.com/blog/"}], "source": {"discovery": "EXTERNAL"}, "title": "Improper Neutralization of Input During Web Page Generation", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:45:25.879Z"}, "title": "CVE Program Container", "references": [{"url": "https://selinc.com/support/security-notifications/external-reports/", "tags": ["x_transferred"]}, {"url": "https://www.nozominetworks.com/blog/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-24T19:19:22.925031Z", "id": "CVE-2023-31160", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-24T19:19:25.906Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://selinc.com/support/security-notifications/external-reports/", "tags": ["x_transferred"]}, {"url": "https://www.nozominetworks.com/blog/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:45:25.879Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-31160", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-24T19:19:22.925031Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-24T19:19:18.888Z"}}], "cna": {"title": "Improper Neutralization of Input During Web Page Generation", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Andrea Palanca, Nozomi Networks"}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Schweitzer Engineering Laboratories", "modules": ["Web management interface"], "product": "SEL-3505", "versions": [{"status": "affected", "version": "R132-V0", "lessThan": "R150-V2", "versionType": "custom"}, {"status": "affected", "version": "R132-V0", "lessThan": "R149-V4", "versionType": "custom"}, {"status": "affected", "version": "R132-V0", "lessThan": "R148-V7", "versionType": "custom"}, {"status": "affected", "version": "R132-V0", "lessThan": "R147-V6", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "Schweitzer Engineering Laboratories", "modules": ["Web management interface"], "product": "SEL-3505-3", "versions": [{"status": "affected", "version": "R132-V0", "lessThan": "R150-V2", "versionType": "custom"}, {"status": "affected", "version": "R132-V0", "lessThan": "R149-V4", "versionType": "custom"}, {"status": "affected", "version": "R132-V0", "lessThan": "R148-V7", "versionType": "custom"}, {"status": "affected", "version": "R132-V0", "lessThan": "R147-V6", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "Schweitzer Engineering Laboratories", "modules": ["Web management interface"], "product": "SEL-3530", "versions": [{"status": "affected", "version": "R132-V0", "lessThan": "R150-V2", "versionType": "custom"}, {"status": "affected", "version": "R132-V0", "lessThan": "R149-V4", "versionType": "custom"}, {"status": "affected", "version": "R132-V0", "lessThan": "R148-V7", "versionType": "custom"}, {"status": "affected", "version": "R132-V0", "lessThan": "R147-V6", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "Schweitzer Engineering Laboratories", "modules": ["Web management interface"], "product": "SEL-3530-4", "versions": [{"status": "affected", "version": "R132-V0", "lessThan": "R150-V2", "versionType": "custom"}, {"status": "affected", "version": "R132-V0", "lessThan": "R149-V4", "versionType": "custom"}, {"status": "affected", "version": "R132-V0", "lessThan": "R148-V7", "versionType": "custom"}, {"status": "affected", "version": "R132-V0", "lessThan": "R147-V6", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "Schweitzer Engineering Laboratories", "modules": ["Web management interface"], "product": "SEL-3532", "versions": [{"status": "affected", "version": "R132-V0", "lessThan": "R150-V2", "versionType": "custom"}, {"status": "affected", "version": "R132-V0", "lessThan": "R149-V4", "versionType": "custom"}, {"status": "affected", "version": "R132-V0", "lessThan": "R148-V7", "versionType": "custom"}, {"status": "affected", "version": "R132-V0", "lessThan": "R147-V6", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "Schweitzer Engineering Laboratories", "modules": ["Web management interface"], "product": "SEL-3555", "versions": [{"status": "affected", "version": "R134-V0", "lessThan": "R150-V2", "versionType": "custom"}, {"status": "affected", "version": "R134-V0", "lessThan": "R149-V4", "versionType": "custom"}, {"status": "affected", "version": "R134-V0", "lessThan": "R148-V7", "versionType": "custom"}, {"status": "affected", "version": "R134-V0", "lessThan": "R147-V6", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "Schweitzer Engineering Laboratories", "modules": ["Web management interface"], "product": "SEL-3560S", "versions": [{"status": "affected", "version": "R144-V2", "lessThan": "R150-V2", "versionType": "custom"}, {"status": "affected", "version": "R144-V2", "lessThan": "R149-V4", "versionType": "custom"}, {"status": "affected", "version": "R144-V2", "lessThan": "R148-V7", "versionType": "custom"}, {"status": "affected", "version": "R144-V2", "lessThan": "R147-V6", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "Schweitzer Engineering Laboratories", "modules": ["Web management interface"], "product": "SEL-3560E", "versions": [{"status": "affected", "version": "R144-V2", "lessThan": "R150-V2", "versionType": "custom"}, {"status": "affected", "version": "R144-V2", "lessThan": "R149-V4", "versionType": "custom"}, {"status": "affected", "version": "R144-V2", "lessThan": "R148-V7", "versionType": "custom"}, {"status": "affected", "version": "R144-V2", "lessThan": "R147-V6", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "Schweitzer Engineering Laboratories", "modules": ["Web management interface"], "product": "SEL-2241 RTAC module", "versions": [{"status": "affected", "version": "R132-V0", "lessThan": "R150-V2", "versionType": "custom"}, {"status": "affected", "version": "R132-V0", "lessThan": "R149-V4", "versionType": "custom"}, {"status": "affected", "version": "R132-V0", "lessThan": "R148-V7", "versionType": "custom"}, {"status": "affected", "version": "R132-V0", "lessThan": "R147-V6", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "Schweitzer Engineering Laboratories", "modules": ["Web management interface"], "product": "SEL-3350", "versions": [{"status": "affected", "version": "R148-V0", "lessThan": "R150-V2", "versionType": "custom"}, {"status": "affected", "version": "R148-V0", "lessThan": "R149-V4", "versionType": "custom"}, {"status": "affected", "version": "R148-V0", "lessThan": "R148-V7", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}], "datePublic": "2023-05-10T07:00:00.000Z", "references": [{"url": "https://selinc.com/support/security-notifications/external-reports/"}, {"url": "https://www.nozominetworks.com/blog/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<div><div>An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.</div></div>\n\n<p>See SEL Service Bulletin dated 2022-11-15 for more details.<br></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "5804bb70-792c-43e0-8596-486cc0efe699", "shortName": "SEL", "dateUpdated": "2023-05-10T19:23:43.200Z"}}}, "cveMetadata": {"cveId": "CVE-2023-31160", "state": "PUBLISHED", "dateUpdated": "2025-01-24T19:19:25.906Z", "dateReserved": "2023-04-24T23:19:33.136Z", "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699", "datePublished": "2023-05-10T19:23:43.200Z", "assignerShortName": "SEL"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:selinc:sel-2241_rtac_module_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "92EC2190-5E06-429E-A06A-76571E7ED430", "versionEndExcluding": "r150-v2", "versionStartIncluding": "r113-v0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:selinc:sel-2241_rtac_module:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE4A1AB9-1190-4620-BF97-4A5569E74310", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:selinc:sel-3350_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "490EC90A-C8C4-4AEA-90E8-DA1C6D11932C", "versionEndExcluding": "r150-v2", "versionStartIncluding": "r148-v0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:selinc:sel-3350:-:*:*:*:*:*:*:*", "matchCriteriaId": "FCA7F410-7F74-4EF1-913E-7B34674716DC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:selinc:sel-3505_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2161BCBC-6892-47E6-9A9F-0A82F0AA6A92", "versionEndExcluding": "r150-v2", "versionStartIncluding": "r119-v0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:selinc:sel-3505:-:*:*:*:*:*:*:*", "matchCriteriaId": "14D78E73-46F2-4D00-A75B-909752E36EB4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:selinc:sel-3505-3_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "39E788ED-56DC-455E-B907-9DA7ED359CB9", "versionEndExcluding": "r150-v2", "versionStartIncluding": "r132-v0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:selinc:sel-3505-3:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A479C2B-F691-4E04-B551-9F631E5A2A0F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:selinc:sel-3530_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A438B8C-AD18-47F5-94BF-2484D778EA75", "versionEndExcluding": "r150-v2", "versionStartIncluding": "r100-v0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:selinc:sel-3530:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E56BC08-9C49-4614-8F52-3413B804A128", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:selinc:sel-3530-4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C48D1C36-0F34-4A95-88E2-B69DE8803AF7", "versionEndExcluding": "r150-v2", "versionStartIncluding": "r108-v0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:selinc:sel-3530-4:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB424E1B-2AE3-449E-9AA1-2AF48C1920FB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:selinc:sel-3532_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A9982B6A-2CED-4EF4-946D-E4B8A8CE3935", "versionEndExcluding": "r150-v2", "versionStartIncluding": "r132-v0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:selinc:sel-3532:-:*:*:*:*:*:*:*", "matchCriteriaId": "E573857F-C6DC-4E59-8F5B-4C51ED4D69DB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:selinc:sel-3555_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9333068D-CE59-4644-879F-A1B29D07C26B", "versionEndExcluding": "r150-v2", "versionStartIncluding": "r134-v0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:selinc:sel-3555:-:*:*:*:*:*:*:*", "matchCriteriaId": "282F6DB1-4B0F-424F-B5E4-0827F1E7EE6F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:selinc:sel-3560e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9BF86940-89E4-4D3C-B51D-CF189B8B20A3", "versionEndExcluding": "r150-v2", "versionStartIncluding": "r144-v2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:selinc:sel-3560e:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3EB8694-DC56-4E35-9659-B2787F872E08", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:selinc:sel-3560s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "28EAFD3D-1697-42BA-941E-2970A1177302", "versionEndExcluding": "r150-v2", "versionStartIncluding": "r144-v2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:selinc:sel-3560s:-:*:*:*:*:*:*:*", "matchCriteriaId": "F9D2A4A4-B81E-4034-863D-900D95166543", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "\nAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"}], "id": "CVE-2023-31160", "lastModified": "2024-11-21T08:01:31.530", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.4, "source": "security@selinc.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-10T20:15:11.003", "references": [{"source": "security@selinc.com", "tags": ["Vendor Advisory"], "url": "https://selinc.com/support/security-notifications/external-reports/"}, {"source": "security@selinc.com", "tags": ["Third Party Advisory"], "url": "https://www.nozominetworks.com/blog/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://selinc.com/support/security-notifications/external-reports/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.nozominetworks.com/blog/"}], "sourceIdentifier": "security@selinc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@selinc.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}