An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.
References
Link | Resource |
---|---|
https://selinc.com/support/security-notifications/external-reports/ | Vendor Advisory |
https://www.nozominetworks.com/blog/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
History
17 May 2023, 16:59
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.nozominetworks.com/blog/ - Third Party Advisory | |
References | (MISC) https://selinc.com/support/security-notifications/external-reports/ - Vendor Advisory | |
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
CPE | cpe:2.3:o:selinc:sel-3350_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:selinc:sel-3560s_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:selinc:sel-3505-3:-:*:*:*:*:*:*:* cpe:2.3:h:selinc:sel-3560s:-:*:*:*:*:*:*:* cpe:2.3:o:selinc:sel-3530-4_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:selinc:sel-3555_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:selinc:sel-3560e_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:selinc:sel-3555:-:*:*:*:*:*:*:* cpe:2.3:h:selinc:sel-3560e:-:*:*:*:*:*:*:* cpe:2.3:h:selinc:sel-3505:-:*:*:*:*:*:*:* cpe:2.3:h:selinc:sel-3530-4:-:*:*:*:*:*:*:* cpe:2.3:o:selinc:sel-3530_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:selinc:sel-3350:-:*:*:*:*:*:*:* cpe:2.3:o:selinc:sel-3505_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:selinc:sel-3530:-:*:*:*:*:*:*:* cpe:2.3:o:selinc:sel-2241_rtac_module_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:selinc:sel-3532_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:selinc:sel-2241_rtac_module:-:*:*:*:*:*:*:* cpe:2.3:o:selinc:sel-3505-3_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:selinc:sel-3532:-:*:*:*:*:*:*:* |
10 May 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-10 20:15
Updated : 2024-02-04 23:37
NVD link : CVE-2023-31153
Mitre link : CVE-2023-31153
CVE.ORG link : CVE-2023-31153
JSON object : View
Products Affected
selinc
- sel-3555
- sel-3532
- sel-3350_firmware
- sel-3560e_firmware
- sel-3505-3_firmware
- sel-3530
- sel-3505-3
- sel-3560s
- sel-3350
- sel-3530-4_firmware
- sel-2241_rtac_module_firmware
- sel-3560e
- sel-3532_firmware
- sel-3505
- sel-3530-4
- sel-3555_firmware
- sel-3560s_firmware
- sel-3530_firmware
- sel-3505_firmware
- sel-2241_rtac_module
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')