CVSS: 5.4EPSS: 0%CPEs: 20EXPL: 0CVE-2023-31155 – Improper Neutralization of Input During Web Page Generation
https://notcve.org/view.php?id=CVE-2023-31155
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. • https://selinc.com/support/security-notifications/external-reports https://www.nozominetworks.com/blog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 20EXPL: 0CVE-2023-31154 – Improper Neutralization of Input During Web Page Generation
https://notcve.org/view.php?id=CVE-2023-31154
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. • https://selinc.com/support/security-notifications/external-reports https://www.nozominetworks.com/blog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 20EXPL: 0CVE-2023-31153 – Improper Neutralization of Input During Web Page Generation
https://notcve.org/view.php?id=CVE-2023-31153
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details. • https://selinc.com/support/security-notifications/external-reports https://www.nozominetworks.com/blog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 20EXPL: 0CVE-2023-31152 – Authentication Bypass Using an Alternate Path or Channel
https://notcve.org/view.php?id=CVE-2023-31152
An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication Bypass. See SEL Service Bulletin dated 2022-11-15 for more details. • https://selinc.com/support/security-notifications/external-reports https://www.nozominetworks.com/blog • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 4.7EPSS: 0%CPEs: 20EXPL: 0CVE-2023-31151 – Improper Certificate Validation
https://notcve.org/view.php?id=CVE-2023-31151
An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack. See SEL Service Bulletin dated 2022-11-15 for more details. • https://selinc.com/support/security-notifications/external-reports https://www.nozominetworks.com/blog • CWE-295: Improper Certificate Validation •