CVE-2023-31150

EPSS 0.14%
Veröffentlicht 10.05.2023 20:15:10
Zuletzt bearbeitet 21.11.2024 08:01:29
Quelle security@selinc.com
CVE-Watchlists
Login
Unerledigt
Login

A Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker to retrieve passwords.
See SEL Service Bulletin dated 2022-11-15 for more details.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Selinc ≫ Sel-2241 Rtac Module Firmware Version >= r122-v0 < r150-v2

Selinc ≫ Sel-2241 Rtac Module Version-

Selinc ≫ Sel-3350 Firmware Version >= r148-v0 < r150-v2

Selinc ≫ Sel-3350 Version-

Selinc ≫ Sel-3505 Firmware Version >= r122-v0 < r150-v2

Selinc ≫ Sel-3505 Version-

Selinc ≫ Sel-3505-3 Firmware Version >= r132-v0 < r150-v2

Selinc ≫ Sel-3505-3 Version-

Selinc ≫ Sel-3530 Firmware Version >= r122-v0 < r150-v2

Selinc ≫ Sel-3530 Version-

Selinc ≫ Sel-3530-4 Firmware Version >= r122-v0 < r150-v2

Selinc ≫ Sel-3530-4 Version-

Selinc ≫ Sel-3532 Firmware Version >= r132-v0 < r150-v2

Selinc ≫ Sel-3532 Version-

Selinc ≫ Sel-3555 Firmware Version >= r134-v0 < r150-v2

Selinc ≫ Sel-3555 Version-

Selinc ≫ Sel-3560e Firmware Version >= r144-v2 < r150-v2

Selinc ≫ Sel-3560e Version-

Selinc ≫ Sel-3560s Firmware Version >= r144-v2 < r150-v2

Selinc ≫ Sel-3560s Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.35

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
security@selinc.com	8	1.3	6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE-257 Storing Passwords in a Recoverable Format

The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.

CWE-922 Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

https://selinc.com/support/security-notifications/external-reports/

Vendor Advisory

https://www.nozominetworks.com/blog/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-31150

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-31150

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-31150

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-31150