CVE-2023-31148: Improper Input Validation in Web Interface
First published: Wed May 10 2023(Updated: )
An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code. See SEL Service Bulletin dated 2022-11-15 for more details.
Credit: security@selinc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Selinc Sel-2241 RTAC Module Firmware | >=r132-v0<r150-v2 | |
| Selinc Sel-2241 Rtac Module Firmware | ||
| Selinc Sel-3350 Firmware | >=r148-v0<r150-v2 | |
| Selinc Sel-3350 Firmware | ||
| SEL-3505 Firmware | >=r132-v0<r150-v2 | |
| SEL-3505 Firmware | ||
| SEL-3505 Firmware | >=r132-v0<r150-v2 | |
| SEL-3505 Firmware | ||
| Selinc Sel-3530-4 | >=r132-v0<r150-v2 | |
| Selinc Sel-3530 Firmware | ||
| Selinc Sel-3530-4 | >=r132-v0<r150-v2 | |
| SEL-3530-4 | ||
| Selinc Sel-3532 | >=r132-v0<r150-v2 | |
| Selinc Sel-3532 Firmware | ||
| Selinc Sel-3555 Firmware | >=r134-v0<r150-v2 | |
| Selinc Sel-3555 Firmware | ||
| Selinc Sel-3560e Firmware | >=r144-v2<r150-v2 | |
| Selinc Sel-3560e Firmware | ||
| Selinc Sel-3560s | >=r144-v2<r150-v2 | |
| Selinc SEL-3560S |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2023-31148.
What is the severity level of CVE-2023-31148?
The severity level of CVE-2023-31148 is critical with a value of 8.8.
What is the affected software for CVE-2023-31148?
The affected software for CVE-2023-31148 includes SEL RTAC module firmware versions from r132-v0 to r150-v2, SEL-2241 RTAC Module, SEL-3350 Firmware versions from r148-v0 to r150-v2, SEL-3350, SEL-3505 Firmware versions from r132-v0 to r150-v2, SEL-3505, SEL-3505-3 Firmware versions from r132-v0 to r150-v2, SEL-3505-3, SEL-3530 Firmware versions from r132-v0 to r150-v2, SEL-3530, SEL-3530-4 Firmware versions from r132-v0 to r150-v2, SEL-3530-4, SEL-3532 Firmware versions from r132-v0 to r150-v2, SEL-3532, SEL-3555 Firmware versions from r134-v0 to r150-v2, SEL-3555, SEL-3560e Firmware versions from r144-v2 to r150-v2, SEL-3560e, SEL-3560s Firmware versions from r144-v2 to r150-v2, and SEL-3560s.
Is SEL-2241 RTAC Module vulnerable to CVE-2023-31148?
No, SEL-2241 RTAC Module is not vulnerable to CVE-2023-31148.
How can I fix CVE-2023-31148?
To fix CVE-2023-31148, it is recommended to apply the necessary security updates provided by Schweitzer Engineering Laboratories (SEL) as mentioned in their Service Bulletin dated 2022-11-15.
- agent/type
- agent/references
- agent/title
- agent/author
- agent/weakness
- agent/severity
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/selinc
- canonical/selinc sel-2241 rtac module firmware
- version/selinc sel-2241 rtac module firmware/r132-v0
- canonical/selinc sel-3350 firmware
- version/selinc sel-3350 firmware/r148-v0
- canonical/sel-3505 firmware
- version/sel-3505 firmware/r132-v0
- canonical/selinc sel-3530-4
- version/selinc sel-3530-4/r132-v0
- canonical/selinc sel-3530 firmware
- canonical/sel-3530-4
- canonical/selinc sel-3532
- version/selinc sel-3532/r132-v0
- canonical/selinc sel-3532 firmware
- canonical/selinc sel-3555 firmware
- version/selinc sel-3555 firmware/r134-v0
- canonical/selinc sel-3560e firmware
- version/selinc sel-3560e firmware/r144-v2
- canonical/selinc sel-3560s
- version/selinc sel-3560s/r144-v2