CVE-2023-31165
Improper Neutralization of Input During Web Page Generation
In short
A flaw in the Schweitzer Engineering Laboratories RTAC web interface allows an authenticated user to inject malicious script code that runs in other users' browsers, potentially stealing information or performing unwanted actions.
Technical detail
Cross-site scripting (XSS) vulnerability in the SEL RTAC web interface, caused by improper input sanitization during HTML generation. The attack requires authentication and user interaction (the victim visiting a crafted page). Impact includes session hijacking, credential theft, and unauthorized actions within the application context.
Summary generated and translated by AI from the official description.
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
Affected products
Schweitzer Engineering Laboratories · SEL-2241 RTAC module
Schweitzer Engineering Laboratories · SEL-3350
Schweitzer Engineering Laboratories · SEL-3505
Schweitzer Engineering Laboratories · SEL-3505-3
Schweitzer Engineering Laboratories · SEL-3530
Schweitzer Engineering Laboratories · SEL-3530-4
Schweitzer Engineering Laboratories · SEL-3532
Schweitzer Engineering Laboratories · SEL-3555
Schweitzer Engineering Laboratories · SEL-3560E
Schweitzer Engineering Laboratories · SEL-3560S