CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34391 – Insecure Inherited Permissions
https://notcve.org/view.php?id=CVE-2023-34391
31 Aug 2023 — Insecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths. See Instruction Manual Appendix A [Cybersecurity] tag dated 20230522 for more details. This issue affects SEL-5033 AcSELerator RTAC Software: before 1.35.151.21000. • https://dragos.com • CWE-277: Insecure Inherited Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31175 – Execution with Unnecessary Privileges
https://notcve.org/view.php?id=CVE-2023-31175
31 Aug 2023 — An Execution with Unnecessary Privileges vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run system commands with the highest level privilege on the system. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20. • https://selinc.com/support/security-notifications/external-reports • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31174 – Cross-Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-31174
31 Aug 2023 — A Cross-Site Request Forgery (CSRF) vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20. • https://selinc.com/support/security-notifications/external-reports • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-31173 – Use of Hard-coded Credentials
https://notcve.org/view.php?id=CVE-2023-31173
31 Aug 2023 — Use of Hard-coded Credentials vulnerability in Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator on Windows allows Authentication Bypass. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20. • https://selinc.com/support/security-notifications/external-reports • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31172 – Incomplete Filtering of Special Elements
https://notcve.org/view.php?id=CVE-2023-31172
31 Aug 2023 — An Incomplete Filtering of Special Elements vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0. • https://selinc.com/support/security-notifications/external-reports • CWE-791: Incomplete Filtering of Special Elements •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31171 – Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
https://notcve.org/view.php?id=CVE-2023-31171
31 Aug 2023 — An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0. • https://selinc.com/support/security-notifications/external-reports • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31170 – Inclusion of Functionality from Untrusted Control Sphere
https://notcve.org/view.php?id=CVE-2023-31170
31 Aug 2023 — An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0. • https://selinc.com/support/security-notifications/external-reports • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31169 – Improper Handling of Unicode Encoding
https://notcve.org/view.php?id=CVE-2023-31169
31 Aug 2023 — An Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0. An Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELer... • https://selinc.com/support/security-notifications/external-reports • CWE-176: Improper Handling of Unicode Encoding CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31168 – Inclusion of Functionality from Untrusted Control Sphere
https://notcve.org/view.php?id=CVE-2023-31168
31 Aug 2023 — An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0. • https://selinc.com/support/security-notifications/external-reports • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-31167 – Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
https://notcve.org/view.php?id=CVE-2023-31167
31 Aug 2023 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Schweitzer Engineering Laboratories SEL-5036 acSELerator Bay Screen Builder Software on Windows allows Relative Path Traversal. SEL acSELerator Bay Screen Builder software is distributed by SEL-5033 SEL acSELerator RTAC, SEL-5030 Quickset, and SEL Compass. CVE-2023-31167 and was patched in the acSELerator Bay Screen Builder release available on 20230602. Please contact SEL for additional details. This issue affec... • https://dragos.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •