CVE-2023-31172 – Incomplete Filtering of Special Elements
https://notcve.org/view.php?id=CVE-2023-31172
An Incomplete Filtering of Special Elements vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0. • https://selinc.com/support/security-notifications/external-reports https://www.nozominetworks.com/blog • CWE-791: Incomplete Filtering of Special Elements •
CVE-2023-31171 – Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
https://notcve.org/view.php?id=CVE-2023-31171
An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0. • https://selinc.com/support/security-notifications/external-reports https://www.nozominetworks.com/blog • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-31170 – Inclusion of Functionality from Untrusted Control Sphere
https://notcve.org/view.php?id=CVE-2023-31170
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0. • https://selinc.com/support/security-notifications/external-reports https://www.nozominetworks.com/blog • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVE-2023-31169 – Improper Handling of Unicode Encoding
https://notcve.org/view.php?id=CVE-2023-31169
An Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0. • https://selinc.com/support/security-notifications/external-reports https://www.nozominetworks.com/blog • CWE-176: Improper Handling of Unicode Encoding CWE-755: Improper Handling of Exceptional Conditions •
CVE-2023-31168 – Inclusion of Functionality from Untrusted Control Sphere
https://notcve.org/view.php?id=CVE-2023-31168
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0. • https://selinc.com/support/security-notifications/external-reports https://www.nozominetworks.com/blog • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •