CVE-2023-2310: Channel Accessible by Non-Endpoint
First published: Wed May 10 2023(Updated: )
A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (MiTM) that could result in denial of service. See the ACSELERATOR RTAC SEL-5033 Software instruction manual date code 20210915 for more details.
Credit: security@selinc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Selinc Sel-2241 RTAC Module Firmware | >=r113-v0<r150-v2 | |
| Selinc Sel-2241 Rtac Module Firmware | ||
| Selinc Sel-3350 Firmware | >=r148-v0<r150-v2 | |
| Selinc Sel-3350 Firmware | ||
| SEL-3505 Firmware | >=r119-v0<r150-v2 | |
| SEL-3505 Firmware | ||
| SEL-3505 Firmware | >=r132-v0<r150-v2 | |
| SEL-3505 Firmware | ||
| Selinc Sel-3530-4 | >=r100-v0<r150-v2 | |
| Selinc Sel-3530 Firmware | ||
| Selinc Sel-3530-4 | >=r108-v0<r150-v2 | |
| SEL-3530-4 | ||
| Selinc Sel-3532 | >=r132-v0<r150-v2 | |
| Selinc Sel-3532 Firmware | ||
| Selinc Sel-3555 Firmware | >=r134-v0<r150-v2 | |
| Selinc Sel-3555 Firmware | ||
| Selinc Sel-3560e Firmware | >=r144-v2<r150-v2 | |
| Selinc Sel-3560e Firmware | ||
| Selinc Sel-3560s | >=r144-v2<r150-v2 | |
| Selinc SEL-3560S |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-2310?
CVE-2023-2310 is a Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) that could allow a remote attacker to perform a man-in-the-middle (MiTM) attack resulting in denial of service.
What is the severity of CVE-2023-2310?
CVE-2023-2310 has a severity score of 5.3, which is considered medium.
Which software is affected by CVE-2023-2310?
The SEL-2241 RTAC Module Firmware versions up to r150-v2 and SEL-3350 Firmware versions up to r150-v2 are affected by CVE-2023-2310.
How can an attacker exploit CVE-2023-2310?
An attacker can exploit CVE-2023-2310 by performing a man-in-the-middle (MiTM) attack to gain unauthorized access to a channel accessible by non-endpoints, resulting in denial of service.
Where can I find more information about CVE-2023-2310?
You can find more information about CVE-2023-2310 on the Schweitzer Engineering Laboratories (SEL) website at https://selinc.com/support/security-notifications/external-reports/.
- agent/type
- agent/references
- agent/title
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/selinc
- canonical/selinc sel-2241 rtac module firmware
- version/selinc sel-2241 rtac module firmware/r113-v0
- canonical/selinc sel-3350 firmware
- version/selinc sel-3350 firmware/r148-v0
- canonical/sel-3505 firmware
- version/sel-3505 firmware/r119-v0
- version/sel-3505 firmware/r132-v0
- canonical/selinc sel-3530-4
- version/selinc sel-3530-4/r100-v0
- canonical/selinc sel-3530 firmware
- version/selinc sel-3530-4/r108-v0
- canonical/sel-3530-4
- canonical/selinc sel-3532
- version/selinc sel-3532/r132-v0
- canonical/selinc sel-3532 firmware
- canonical/selinc sel-3555 firmware
- version/selinc sel-3555 firmware/r134-v0
- canonical/selinc sel-3560e firmware
- version/selinc sel-3560e firmware/r144-v2
- canonical/selinc sel-3560s
- version/selinc sel-3560s/r144-v2