CVE-2023-31162
Improper Input Validation in Web Interface
In short
A flaw in the SEL RTAC web interface fails to properly validate user input, allowing an authenticated attacker to modify configuration files without proper authorization. This could lead to unauthorized changes to critical system settings.
Technical detail
Improper input validation in the RTAC web interface permits a remote authenticated attacker to bypass input sanitization controls and arbitrarily modify configuration files. The vulnerability requires prior authentication and affects the integrity of system configurations, potentially enabling unauthorized reconfiguration of industrial control settings.
Summary generated and translated by AI from the official description.
An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file.
See SEL Service Bulletin dated 2022-11-15 for more details.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:L
Affected products
Schweitzer Engineering Laboratories · SEL-2241 RTAC module
Schweitzer Engineering Laboratories · SEL-3350
Schweitzer Engineering Laboratories · SEL-3505
Schweitzer Engineering Laboratories · SEL-3505-3
Schweitzer Engineering Laboratories · SEL-3530
Schweitzer Engineering Laboratories · SEL-3530-4
Schweitzer Engineering Laboratories · SEL-3532
Schweitzer Engineering Laboratories · SEL-3555
Schweitzer Engineering Laboratories · SEL-3560E
Schweitzer Engineering Laboratories · SEL-3560S