8.8
CVE-2023-31161
- EPSS 0.29%
- Veröffentlicht 10.05.2023 20:15:11
- Zuletzt bearbeitet 21.11.2024 08:01:31
- Quelle security@selinc.com
- CVE-Watchlists
- Unerledigt
LoginAn Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow an authenticated remote attacker to use internal resources, allowing a variety of potential effects. See SEL Service Bulletin dated 2022-11-15 for more details.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Selinc ≫ Sel-3350 Firmware Version >= r148-v0 < r150-v2
Selinc ≫ Sel-3532 Firmware Version >= r143-v0 < r150-v2
Selinc ≫ Sel-3555 Firmware Version >= r143-v0 < r150-v2
Selinc ≫ Sel-3560e Firmware Version >= r144-v2 < r150-v2
Selinc ≫ Sel-3560s Firmware Version >= r144-v2 < r150-v2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.29% | 0.522 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| security@selinc.com | 5.9 | 1.7 | 3.7 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.