CVE-2023-31150
Storing Passwords in a Recoverable Format
In short
The SEL RTAC database stores passwords in a way that can be recovered and read by someone with access to the system. An attacker who gains database access can extract these passwords to compromise other accounts or systems.
Technical detail
CWE-257 vulnerability in SEL RTAC database: passwords are stored in a recoverable format rather than using cryptographic hashing. An authenticated attacker with database access can retrieve plaintext or easily reversible password representations, enabling lateral movement and unauthorized access to connected systems or accounts.
Summary generated and translated by AI from the official description.
A Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker to retrieve passwords.
See SEL Service Bulletin dated 2022-11-15 for more details.
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected products
Schweitzer Engineering Laboratories · SEL-2241 RTAC module
Schweitzer Engineering Laboratories · SEL-3350
Schweitzer Engineering Laboratories · SEL-3505
Schweitzer Engineering Laboratories · SEL-3505-3
Schweitzer Engineering Laboratories · SEL-3530
Schweitzer Engineering Laboratories · SEL-3530-4
Schweitzer Engineering Laboratories · SEL-3532
Schweitzer Engineering Laboratories · SEL-3555
Schweitzer Engineering Laboratories · SEL-3560E
Schweitzer Engineering Laboratories · SEL-3560S