CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31171 – Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
https://notcve.org/view.php?id=CVE-2023-31171
An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0. • https://selinc.com/support/security-notifications/external-reports https://www.nozominetworks.com/blog • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31170 – Inclusion of Functionality from Untrusted Control Sphere
https://notcve.org/view.php?id=CVE-2023-31170
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0. • https://selinc.com/support/security-notifications/external-reports https://www.nozominetworks.com/blog • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31169 – Improper Handling of Unicode Encoding
https://notcve.org/view.php?id=CVE-2023-31169
An Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0. • https://selinc.com/support/security-notifications/external-reports https://www.nozominetworks.com/blog • CWE-176: Improper Handling of Unicode Encoding CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31168 – Inclusion of Functionality from Untrusted Control Sphere
https://notcve.org/view.php?id=CVE-2023-31168
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0. • https://selinc.com/support/security-notifications/external-reports https://www.nozominetworks.com/blog • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-31167 – Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
https://notcve.org/view.php?id=CVE-2023-31167
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Schweitzer Engineering Laboratories SEL-5036 acSELerator Bay Screen Builder Software on Windows allows Relative Path Traversal. SEL acSELerator Bay Screen Builder software is distributed by SEL-5033 SEL acSELerator RTAC, SEL-5030 Quickset, and SEL Compass. CVE-2023-31167 and was patched in the acSELerator Bay Screen Builder release available on 20230602. Please contact SEL for additional details. This issue affects SEL-5036 acSELerator Bay Screen Builder Software: before 1.0.49152.778. • https://dragos.com https://selinc.com/support/security-notifications/external-reports • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •