PT-2023-23182 · Schweitzer Engineering Laboratories · Sel Rtac
Andrea Palanca
·
Published
2023-05-10
·
Updated
2023-05-17
·
CVE-2023-31149
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) (affected versions not specified)
Description
An Improper Input Validation issue in the SEL RTAC Web Interface could allow a remote authenticated attacker to execute arbitrary code. The estimated number of potentially affected devices worldwide is not provided. There is no information about real-world incidents where this issue was exploited. Technical details about exploitation include the possibility of executing arbitrary code through improper input validation in the web interface.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sel Rtac