CVE-2023-31153: Improper Neutralization of Input During Web Page Generation
First published: Wed May 10 2023(Updated: )
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.
Credit: security@selinc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Selinc Sel-2241 RTAC Module Firmware | >=r113-v0<r150-v2 | |
| Selinc Sel-2241 Rtac Module Firmware | ||
| Selinc Sel-3350 Firmware | >=r148-v0<r150-v2 | |
| Selinc Sel-3350 Firmware | ||
| SEL-3505 Firmware | >=r119-v0<r150-v2 | |
| SEL-3505 Firmware | ||
| SEL-3505 Firmware | >=r132-v0<r150-v2 | |
| SEL-3505 Firmware | ||
| Selinc Sel-3530-4 | >=r109-v0<r150-v2 | |
| Selinc Sel-3530 Firmware | ||
| Selinc Sel-3530-4 | >=r109-v0<r150-v2 | |
| SEL-3530-4 | ||
| Selinc Sel-3532 | >=r132-v0<r150-v2 | |
| Selinc Sel-3532 Firmware | ||
| Selinc Sel-3555 Firmware | >=r134-v0<r150-v2 | |
| Selinc Sel-3555 Firmware | ||
| Selinc Sel-3560e Firmware | >=r144-v2<r150-v2 | |
| Selinc Sel-3560e Firmware | ||
| Selinc Sel-3560s | >=r144-v2<r150-v2 | |
| Selinc SEL-3560S |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-31153.
What is the severity of CVE-2023-31153?
The severity of CVE-2023-31153 is medium with a CVSS score of 5.4.
Which software is affected by CVE-2023-31153?
CVE-2023-31153 affects the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface.
What is the impact of CVE-2023-31153?
CVE-2023-31153 allows a remote authenticated attacker to inject and execute arbitrary script code.
Are there any references related to CVE-2023-31153?
Yes, you can find more information about CVE-2023-31153 in the following references: [Link 1](https://selinc.com/support/security-notifications/external-reports/) and [Link 2](https://www.nozominetworks.com/blog/).
- agent/references
- agent/type
- agent/title
- agent/author
- agent/weakness
- agent/severity
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/selinc
- canonical/selinc sel-2241 rtac module firmware
- version/selinc sel-2241 rtac module firmware/r113-v0
- canonical/selinc sel-3350 firmware
- version/selinc sel-3350 firmware/r148-v0
- canonical/sel-3505 firmware
- version/sel-3505 firmware/r119-v0
- version/sel-3505 firmware/r132-v0
- canonical/selinc sel-3530-4
- version/selinc sel-3530-4/r109-v0
- canonical/selinc sel-3530 firmware
- canonical/sel-3530-4
- canonical/selinc sel-3532
- version/selinc sel-3532/r132-v0
- canonical/selinc sel-3532 firmware
- canonical/selinc sel-3555 firmware
- version/selinc sel-3555 firmware/r134-v0
- canonical/selinc sel-3560e firmware
- version/selinc sel-3560e firmware/r144-v2
- canonical/selinc sel-3560s
- version/selinc sel-3560s/r144-v2