CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2023-31166 – Improper Limitation of a Pathname to a Restricted Directory
https://notcve.org/view.php?id=CVE-2023-31166
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system. See SEL Service Bulletin dated 2022-11-15 for more details. • https://selinc.com/support/security-notifications/external-reports https://www.nozominetworks.com/blog • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 20EXPL: 0CVE-2023-31165 – Improper Neutralization of Input During Web Page Generation
https://notcve.org/view.php?id=CVE-2023-31165
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. • https://selinc.com/support/security-notifications/external-reports https://www.nozominetworks.com/blog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 20EXPL: 0CVE-2023-31164 – Improper Neutralization of Input During Web Page Generation
https://notcve.org/view.php?id=CVE-2023-31164
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. • https://selinc.com/support/security-notifications/external-reports https://www.nozominetworks.com/blog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 20EXPL: 0CVE-2023-31163 – Improper Neutralization of Input During Web Page Generation
https://notcve.org/view.php?id=CVE-2023-31163
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. • https://selinc.com/support/security-notifications/external-reports https://www.nozominetworks.com/blog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 20EXPL: 0CVE-2023-31162 – Improper Input Validation in Web Interface
https://notcve.org/view.php?id=CVE-2023-31162
An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file. See SEL Service Bulletin dated 2022-11-15 for more details. • https://selinc.com/support/security-notifications/external-reports https://www.nozominetworks.com/blog • CWE-20: Improper Input Validation •