CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2023-31166 – Improper Limitation of a Pathname to a Restricted Directory
https://notcve.org/view.php?id=CVE-2023-31166
10 May 2023 — An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system. See SEL Service Bulletin dated 2022-11-15 for more details. • https://selinc.com/support/security-notifications/external-reports • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2023-31165 – Improper Neutralization of Input During Web Page Generation
https://notcve.org/view.php?id=CVE-2023-31165
10 May 2023 — An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. • https://selinc.com/support/security-notifications/external-reports • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2023-31164 – Improper Neutralization of Input During Web Page Generation
https://notcve.org/view.php?id=CVE-2023-31164
10 May 2023 — An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. • https://selinc.com/support/security-notifications/external-reports • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2023-31163 – Improper Neutralization of Input During Web Page Generation
https://notcve.org/view.php?id=CVE-2023-31163
10 May 2023 — An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. • https://selinc.com/support/security-notifications/external-reports • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 20EXPL: 0CVE-2023-31162 – Improper Input Validation in Web Interface
https://notcve.org/view.php?id=CVE-2023-31162
10 May 2023 — An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file. See SEL Service Bulletin dated 2022-11-15 for more details. • https://selinc.com/support/security-notifications/external-reports • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 10EXPL: 0CVE-2023-31161 – Improper Input Validation in Web Interface
https://notcve.org/view.php?id=CVE-2023-31161
10 May 2023 — An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow an authenticated remote attacker to use internal resources, allowing a variety of potential effects. See SEL Service Bulletin dated 2022-11-15 for more details. An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow an authenticated remote attacker to use i... • https://selinc.com/support/security-notifications/external-reports • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2023-31160 – Improper Neutralization of Input During Web Page Generation
https://notcve.org/view.php?id=CVE-2023-31160
10 May 2023 — An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. • https://selinc.com/support/security-notifications/external-reports • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2023-31159 – Improper Neutralization of Input During Web Page Generation
https://notcve.org/view.php?id=CVE-2023-31159
10 May 2023 — An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. • https://selinc.com/support/security-notifications/external-reports • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2023-31158 – Improper Neutralization of Input During Web Page Generation
https://notcve.org/view.php?id=CVE-2023-31158
10 May 2023 — An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. • https://selinc.com/support/security-notifications/external-reports • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2023-31157 – Improper Neutralization of Input During Web Page Generation
https://notcve.org/view.php?id=CVE-2023-31157
10 May 2023 — An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. • https://selinc.com/support/security-notifications/external-reports • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •