CVE-2023-31150 – Storing Passwords in a Recoverable Format
https://notcve.org/view.php?id=CVE-2023-31150
A Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker to retrieve passwords. See SEL Service Bulletin dated 2022-11-15 for more details. • https://selinc.com/support/security-notifications/external-reports https://www.nozominetworks.com/blog • CWE-257: Storing Passwords in a Recoverable Format CWE-922: Insecure Storage of Sensitive Information •
CVE-2023-31149 – Improper Input Validation in Web Interface
https://notcve.org/view.php?id=CVE-2023-31149
An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code. See SEL Service Bulletin dated 2022-11-15 for more details. • https://selinc.com/support/security-notifications/external-reports https://www.nozominetworks.com/blog • CWE-20: Improper Input Validation •
CVE-2023-31148 – Improper Input Validation in Web Interface
https://notcve.org/view.php?id=CVE-2023-31148
An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code. See SEL Service Bulletin dated 2022-11-15 for more details. • https://selinc.com/support/security-notifications/external-reports https://www.nozominetworks.com/blog • CWE-20: Improper Input Validation •
CVE-2023-2310 – Channel Accessible by Non-Endpoint
https://notcve.org/view.php?id=CVE-2023-2310
A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (MiTM) that could result in denial of service. See the ACSELERATOR RTAC SEL-5033 Software instruction manual date code 20210915 for more details. • https://selinc.com/support/security-notifications/external-reports • CWE-300: Channel Accessible by Non-Endpoint •
CVE-2013-2798
https://notcve.org/view.php?id=CVE-2013-2798
Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line. Los dispositivos maestro Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, y SEL-3530 RTAC permite a atacantes con acceso físico provocar una denegación de servicio (bucle infinito) a través de una entrada por línea serie manipulada. • http://ics-cert.us-cert.gov/advisories/ICSA-13-219-01 • CWE-20: Improper Input Validation •