CVE-2023-31161

Improper Input Validation in Web Interface

CVSS 5.9 MEDIUM | EPSS 0.5% | CWE-20

In short

The Schweitzer Engineering Laboratories RTAC Web Interface does not properly validate user input, allowing an authenticated attacker to misuse internal resources in unintended ways. This could lead to various harmful effects depending on what resources are accessed.

Technical detail

An improper input validation flaw in the SEL RTAC Web Interface (CWE-20) permits authenticated remote attackers to manipulate internal resources through crafted requests. The vulnerability requires prior authentication and allows potential resource abuse with impacts dependent on affected system functionality.

Summary generated and translated by AI from the official description.
An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow an authenticated remote attacker to use internal resources, allowing a variety of potential effects. See SEL Service Bulletin dated 2022-11-15 for more details.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
