9.1
CVE-2023-31149
- EPSS 1.14%
- Veröffentlicht 10.05.2023 20:15:09
- Zuletzt bearbeitet 21.11.2024 08:01:29
- Quelle security@selinc.com
- CVE-Watchlists
- Unerledigt
LoginAn Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code. See SEL Service Bulletin dated 2022-11-15 for more details.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Selinc ≫ Sel-2241 Rtac Module Firmware Version >= r132-v0 < r150-v2
Selinc ≫ Sel-3350 Firmware Version >= r148-v0 < r150-v2
Selinc ≫ Sel-3505 Firmware Version >= r132-v0 < r150-v2
Selinc ≫ Sel-3505-3 Firmware Version >= r132-v0 < r150-v2
Selinc ≫ Sel-3530 Firmware Version >= r132-v0 < r150-v2
Selinc ≫ Sel-3530-4 Firmware Version >= r132-v0 < r150-v2
Selinc ≫ Sel-3532 Firmware Version >= r132-v0 < r150-v2
Selinc ≫ Sel-3555 Firmware Version >= r134-v0 < r150-v2
Selinc ≫ Sel-3560e Firmware Version >= r144-v2 < r150-v2
Selinc ≫ Sel-3560s Firmware Version >= r144-v2 < r150-v2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.14% | 0.781 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| security@selinc.com | 9.1 | 2.3 | 6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.