CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2023-31155 – Improper Neutralization of Input During Web Page Generation
https://notcve.org/view.php?id=CVE-2023-31155
10 May 2023 — An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. • https://selinc.com/support/security-notifications/external-reports • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2023-31154 – Improper Neutralization of Input During Web Page Generation
https://notcve.org/view.php?id=CVE-2023-31154
10 May 2023 — An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. • https://selinc.com/support/security-notifications/external-reports • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2023-31153 – Improper Neutralization of Input During Web Page Generation
https://notcve.org/view.php?id=CVE-2023-31153
10 May 2023 — An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details. An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automat... • https://selinc.com/support/security-notifications/external-reports • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 20EXPL: 0CVE-2023-31152 – Authentication Bypass Using an Alternate Path or Channel
https://notcve.org/view.php?id=CVE-2023-31152
10 May 2023 — An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication Bypass. See SEL Service Bulletin dated 2022-11-15 for more details. • https://selinc.com/support/security-notifications/external-reports • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 4.7EPSS: 0%CPEs: 20EXPL: 0CVE-2023-31151 – Improper Certificate Validation
https://notcve.org/view.php?id=CVE-2023-31151
10 May 2023 — An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack. See SEL Service Bulletin dated 2022-11-15 for more details. An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote unauthenticated attacker to conduct a man... • https://selinc.com/support/security-notifications/external-reports • CWE-295: Improper Certificate Validation •
CVSS: 8.0EPSS: 0%CPEs: 20EXPL: 0CVE-2023-31150 – Storing Passwords in a Recoverable Format
https://notcve.org/view.php?id=CVE-2023-31150
10 May 2023 — A Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker to retrieve passwords. See SEL Service Bulletin dated 2022-11-15 for more details. A Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker to retrieve passwords. See SEL Se... • https://selinc.com/support/security-notifications/external-reports • CWE-257: Storing Passwords in a Recoverable Format CWE-922: Insecure Storage of Sensitive Information •
CVSS: 9.1EPSS: 0%CPEs: 20EXPL: 0CVE-2023-31149 – Improper Input Validation in Web Interface
https://notcve.org/view.php?id=CVE-2023-31149
10 May 2023 — An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code. See SEL Service Bulletin dated 2022-11-15 for more details. An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code. See SEL Service Bulletin... • https://selinc.com/support/security-notifications/external-reports • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 20EXPL: 0CVE-2023-31148 – Improper Input Validation in Web Interface
https://notcve.org/view.php?id=CVE-2023-31148
10 May 2023 — An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code. See SEL Service Bulletin dated 2022-11-15 for more details. An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code. See SEL Service Bulletin... • https://selinc.com/support/security-notifications/external-reports • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 20EXPL: 0CVE-2023-2310 – Channel Accessible by Non-Endpoint
https://notcve.org/view.php?id=CVE-2023-2310
10 May 2023 — A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (MiTM) that could result in denial of service. See the ACSELERATOR RTAC SEL-5033 Software instruction manual date code 20210915 for more details. • https://selinc.com/support/security-notifications/external-reports • CWE-300: Channel Accessible by Non-Endpoint •