CVE-2023-31177
Improper neutralizataion of input could lead to execution of arbitrary code
In short
The SEL-451 device does not properly filter user input in web pages, allowing attackers to create malicious links that execute harmful code on a victim's computer when clicked.
Technical detail
Cross-site scripting (XSS) vulnerability in SEL-451 web interface fails to neutralize untrusted input during HTML generation. An attacker can craft a malicious link containing JavaScript payload that executes in the victim's browser with the privileges of the authenticated session, potentially compromising device configuration or sensitive data.
Summary generated and translated by AI from the official description.
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the Schweitzer Engineering Laboratories SEL-451 could allow an attacker to craft a link that could execute arbitrary code on a victim's system.
See product Instruction Manual Appendix A dated 20230830 for more details.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
Affected products
Schweitzer Engineering Laboratories · SEL-451Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →