CVE-2023-31166
Improper Limitation of a Pathname to a Restricted Directory
In short
A vulnerability in the SEL RTAC Web Interface allows an authenticated user to create folders in any location on the server's file system, bypassing normal restrictions. This could be exploited to disrupt system operations or prepare for further attacks.
Technical detail
The SEL RTAC Web Interface fails to properly validate user-supplied pathnames. This path traversal vulnerability allows authenticated attackers to create directories outside the intended restricted directories. The vulnerability requires prior authentication and could enable arbitrary file system manipulation with potential impact on system integrity and availability.
Summary generated and translated by AI from the official description.
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system.
See SEL Service Bulletin dated 2022-11-15 for more details.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
Affected products
Schweitzer Engineering Laboratories · SEL-2241 RTAC module
Schweitzer Engineering Laboratories · SEL-3350
Schweitzer Engineering Laboratories · SEL-3505
Schweitzer Engineering Laboratories · SEL-3505-3
Schweitzer Engineering Laboratories · SEL-3530
Schweitzer Engineering Laboratories · SEL-3530-4
Schweitzer Engineering Laboratories · SEL-3532
Schweitzer Engineering Laboratories · SEL-3555
Schweitzer Engineering Laboratories · SEL-3560E
Schweitzer Engineering Laboratories · SEL-3560S