CVSS: 4.7EPSS: 0%CPEs: 20EXPL: 0CVE-2023-31151 – Improper Certificate Validation
https://notcve.org/view.php?id=CVE-2023-31151
An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack. See SEL Service Bulletin dated 2022-11-15 for more details. • https://selinc.com/support/security-notifications/external-reports https://www.nozominetworks.com/blog • CWE-295: Improper Certificate Validation •
CVSS: 8.0EPSS: 0%CPEs: 20EXPL: 0CVE-2023-31150 – Storing Passwords in a Recoverable Format
https://notcve.org/view.php?id=CVE-2023-31150
A Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker to retrieve passwords. See SEL Service Bulletin dated 2022-11-15 for more details. • https://selinc.com/support/security-notifications/external-reports https://www.nozominetworks.com/blog • CWE-257: Storing Passwords in a Recoverable Format CWE-922: Insecure Storage of Sensitive Information •
CVSS: 9.1EPSS: 0%CPEs: 20EXPL: 0CVE-2023-31149 – Improper Input Validation in Web Interface
https://notcve.org/view.php?id=CVE-2023-31149
An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code. See SEL Service Bulletin dated 2022-11-15 for more details. • https://selinc.com/support/security-notifications/external-reports https://www.nozominetworks.com/blog • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 20EXPL: 0CVE-2023-31148 – Improper Input Validation in Web Interface
https://notcve.org/view.php?id=CVE-2023-31148
An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code. See SEL Service Bulletin dated 2022-11-15 for more details. • https://selinc.com/support/security-notifications/external-reports https://www.nozominetworks.com/blog • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 20EXPL: 0CVE-2023-2310 – Channel Accessible by Non-Endpoint
https://notcve.org/view.php?id=CVE-2023-2310
A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (MiTM) that could result in denial of service. See the ACSELERATOR RTAC SEL-5033 Software instruction manual date code 20210915 for more details. • https://selinc.com/support/security-notifications/external-reports • CWE-300: Channel Accessible by Non-Endpoint •