CVE-2023-31151 - Vulnerability Details

Vendors	Products
Selinc	Sel-2241 Rtac Module Sel-2241 Rtac Module Firmware Sel-3350 Sel-3350 Firmware Sel-3505 Sel-3505-3 Sel-3505-3 Firmware Sel-3505 Firmware Sel-3530 Sel-3530-4 Sel-3530-4 Firmware Sel-3530 Firmware Sel-3532 Sel-3532 Firmware Sel-3555 Sel-3555 Firmware Sel-3560e Sel-3560e Firmware Sel-3560s Sel-3560s Firmware

Link	Providers
https://selinc.com/support/security-notifications/external-reports/
https://www.nozominetworks.com/blog/

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-31151", "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699", "state": "PUBLISHED", "assignerShortName": "SEL", "dateReserved": "2023-04-24T23:19:04.957Z", "datePublished": "2023-05-10T19:21:30.649Z", "dateUpdated": "2025-01-24T19:04:04.464Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Web management interface"], "platforms": ["Linux"], "product": "SEL-3505", "vendor": "Schweitzer Engineering Laboratories", "versions": [{"lessThan": "R150-V2", "status": "affected", "version": "R147-V0", "versionType": "custom"}, {"lessThan": "R149-V4", "status": "affected", "version": "R147-V0", "versionType": "custom"}, {"lessThan": "R148-V7", "status": "affected", "version": "R147-V0", "versionType": "custom"}, {"lessThan": "R147-V6", "status": "affected", "version": "R147-V0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["Web management interface"], "platforms": ["Linux"], "product": "SEL-3505-3", "vendor": "Schweitzer Engineering Laboratories", "versions": [{"lessThan": "R150-V2", "status": "affected", "version": "R147-V0", "versionType": "custom"}, {"lessThan": "R149-V4", "status": "affected", "version": "R147-V0", "versionType": "custom"}, {"lessThan": "R148-V7", "status": "affected", "version": "R147-V0", "versionType": "custom"}, {"lessThan": "R147-V6", "status": "affected", "version": "R147-V0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["Web management interface"], "platforms": ["Linux"], "product": "SEL-3530", "vendor": "Schweitzer Engineering Laboratories", "versions": [{"lessThan": "R150-V2", "status": "affected", "version": "R147-V0", "versionType": "custom"}, {"lessThan": "R149-V4", "status": "affected", "version": "R147-V0", "versionType": "custom"}, {"lessThan": "R148-V7", "status": "affected", "version": "R147-V0", "versionType": "custom"}, {"lessThan": "R147-V6", "status": "affected", "version": "R147-V0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["Web management interface"], "platforms": ["Linux"], "product": "SEL-3530-4", "vendor": "Schweitzer Engineering Laboratories", "versions": [{"lessThan": "R150-V2", "status": "affected", "version": "R147-V0", "versionType": "custom"}, {"lessThan": "R149-V4", "status": "affected", "version": "R147-V0", "versionType": "custom"}, {"lessThan": "R148-V7", "status": "affected", "version": "R147-V0", "versionType": "custom"}, {"lessThan": "R147-V6", "status": "affected", "version": "R147-V0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["Web management interface"], "platforms": ["Linux"], "product": "SEL-3532", "vendor": "Schweitzer Engineering Laboratories", "versions": [{"lessThan": "R150-V2", "status": "affected", "version": "R147-V0", "versionType": "custom"}, {"lessThan": "R149-V4", "status": "affected", "version": "R147-V0", "versionType": "custom"}, {"lessThan": "R148-V7", "status": "affected", "version": "R147-V0", "versionType": "custom"}, {"lessThan": "R147-V6", "status": "affected", "version": "R147-V0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["Web management interface"], "platforms": ["Linux"], "product": "SEL-3555", "vendor": "Schweitzer Engineering Laboratories", "versions": [{"lessThan": "R150-V2", "status": "affected", "version": "R147-V0", "versionType": "custom"}, {"lessThan": "R149-V4", "status": "affected", "version": "R147-V0", "versionType": "custom"}, {"lessThan": "R148-V7", "status": "affected", "version": "R147-V0", "versionType": "custom"}, {"lessThan": "R147-V6", "status": "affected", "version": "R147-V0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["Web management interface"], "platforms": ["Linux"], "product": "SEL-3560S", "vendor": "Schweitzer Engineering Laboratories", "versions": [{"lessThan": "R150-V2", "status": "affected", "version": "R147-V0", "versionType": "custom"}, {"lessThan": "R149-V4", "status": "affected", "version": "R147-V0", "versionType": "custom"}, {"lessThan": "R148-V7", "status": "affected", "version": "R147-V0", "versionType": "custom"}, {"lessThan": "R147-V6", "status": "affected", "version": "R147-V0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["Web management interface"], "platforms": ["Linux"], "product": "SEL-3560E", "vendor": "Schweitzer Engineering Laboratories", "versions": [{"lessThan": "R150-V2", "status": "affected", "version": "R147-V0", "versionType": "custom"}, {"lessThan": "R149-V4", "status": "affected", "version": "R147-V0", "versionType": "custom"}, {"lessThan": "R148-V7", "status": "affected", "version": "R147-V0", "versionType": "custom"}, {"lessThan": "R147-V6", "status": "affected", "version": "R147-V0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["Web management interface"], "platforms": ["Linux"], "product": "SEL-2241 RTAC module", "vendor": "Schweitzer Engineering Laboratories", "versions": [{"lessThan": "R150-V2", "status": "affected", "version": "R147-V0", "versionType": "custom"}, {"lessThan": "R149-V4", "status": "affected", "version": "R147-V0", "versionType": "custom"}, {"lessThan": "R148-V7", "status": "affected", "version": "R147-V0", "versionType": "custom"}, {"lessThan": "R147-V6", "status": "affected", "version": "R147-V0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["Web management interface"], "platforms": ["Linux"], "product": "SEL-3350", "vendor": "Schweitzer Engineering Laboratories", "versions": [{"lessThan": "R150-V2", "status": "affected", "version": "R148-V0", "versionType": "custom"}, {"lessThan": "R149-V4", "status": "affected", "version": "R148-V0", "versionType": "custom"}, {"lessThan": "R148-V7", "status": "affected", "version": "R148-V0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Andrea Palanca, Nozomi Networks"}], "datePublic": "2023-05-10T07:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An Improper Certificate Validation vulnerability \n\nin the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface\n\ncould allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack.<br><p>See SEL Service Bulletin dated 2022-11-15 for more details.\n\n<br></p>"}], "value": "An Improper Certificate Validation vulnerability \n\nin the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface\n\ncould allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack.\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n"}], "impacts": [{"capecId": "CAPEC-94", "descriptions": [{"lang": "en", "value": "CAPEC-94 Man in the Middle Attack"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "5804bb70-792c-43e0-8596-486cc0efe699", "shortName": "SEL", "dateUpdated": "2023-05-10T19:21:30.649Z"}, "references": [{"url": "https://selinc.com/support/security-notifications/external-reports/"}, {"url": "https://www.nozominetworks.com/blog/"}], "source": {"discovery": "EXTERNAL"}, "title": "Improper Certificate Validation", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:45:25.853Z"}, "title": "CVE Program Container", "references": [{"url": "https://selinc.com/support/security-notifications/external-reports/", "tags": ["x_transferred"]}, {"url": "https://www.nozominetworks.com/blog/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-24T19:04:00.595043Z", "id": "CVE-2023-31151", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-24T19:04:04.464Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2023-31151 (string)

assignerOrgId : 5804bb70-792c-43e0-8596-486cc0efe699 (string)

state : PUBLISHED (string)

assignerShortName : SEL (string)

dateReserved : 2023-04-24T23:19:04.957Z (string)

datePublished : 2023-05-10T19:21:30.649Z (string)

dateUpdated : 2025-01-24T19:04:04.464Z (string)

}

containers : { »

cna : { »

affected : [ »

0 : { »

defaultStatus : unaffected (string)

modules : [ »

0 : Web management interface (string)

]

platforms : [ »

0 : Linux (string)

]

product : SEL-3505 (string)

vendor : Schweitzer Engineering Laboratories (string)

versions : [ »

0 : { »

lessThan : R150-V2 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

1 : { »

lessThan : R149-V4 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

2 : { »

lessThan : R148-V7 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

3 : { »

lessThan : R147-V6 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

]

}

1 : { »

defaultStatus : unaffected (string)

modules : [ »

0 : Web management interface (string)

]

platforms : [ »

0 : Linux (string)

]

product : SEL-3505-3 (string)

vendor : Schweitzer Engineering Laboratories (string)

versions : [ »

0 : { »

lessThan : R150-V2 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

1 : { »

lessThan : R149-V4 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

2 : { »

lessThan : R148-V7 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

3 : { »

lessThan : R147-V6 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

]

}

2 : { »

defaultStatus : unaffected (string)

modules : [ »

0 : Web management interface (string)

]

platforms : [ »

0 : Linux (string)

]

product : SEL-3530 (string)

vendor : Schweitzer Engineering Laboratories (string)

versions : [ »

0 : { »

lessThan : R150-V2 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

1 : { »

lessThan : R149-V4 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

2 : { »

lessThan : R148-V7 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

3 : { »

lessThan : R147-V6 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

]

}

3 : { »

defaultStatus : unaffected (string)

modules : [ »

0 : Web management interface (string)

]

platforms : [ »

0 : Linux (string)

]

product : SEL-3530-4 (string)

vendor : Schweitzer Engineering Laboratories (string)

versions : [ »

0 : { »

lessThan : R150-V2 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

1 : { »

lessThan : R149-V4 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

2 : { »

lessThan : R148-V7 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

3 : { »

lessThan : R147-V6 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

]

}

4 : { »

defaultStatus : unaffected (string)

modules : [ »

0 : Web management interface (string)

]

platforms : [ »

0 : Linux (string)

]

product : SEL-3532 (string)

vendor : Schweitzer Engineering Laboratories (string)

versions : [ »

0 : { »

lessThan : R150-V2 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

1 : { »

lessThan : R149-V4 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

2 : { »

lessThan : R148-V7 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

3 : { »

lessThan : R147-V6 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

]

}

5 : { »

defaultStatus : unaffected (string)

modules : [ »

0 : Web management interface (string)

]

platforms : [ »

0 : Linux (string)

]

product : SEL-3555 (string)

vendor : Schweitzer Engineering Laboratories (string)

versions : [ »

0 : { »

lessThan : R150-V2 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

1 : { »

lessThan : R149-V4 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

2 : { »

lessThan : R148-V7 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

3 : { »

lessThan : R147-V6 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

]

}

6 : { »

defaultStatus : unaffected (string)

modules : [ »

0 : Web management interface (string)

]

platforms : [ »

0 : Linux (string)

]

product : SEL-3560S (string)

vendor : Schweitzer Engineering Laboratories (string)

versions : [ »

0 : { »

lessThan : R150-V2 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

1 : { »

lessThan : R149-V4 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

2 : { »

lessThan : R148-V7 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

3 : { »

lessThan : R147-V6 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

]

}

7 : { »

defaultStatus : unaffected (string)

modules : [ »

0 : Web management interface (string)

]

platforms : [ »

0 : Linux (string)

]

product : SEL-3560E (string)

vendor : Schweitzer Engineering Laboratories (string)

versions : [ »

0 : { »

lessThan : R150-V2 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

1 : { »

lessThan : R149-V4 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

2 : { »

lessThan : R148-V7 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

3 : { »

lessThan : R147-V6 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

]

}

8 : { »

defaultStatus : unaffected (string)

modules : [ »

0 : Web management interface (string)

]

platforms : [ »

0 : Linux (string)

]

product : SEL-2241 RTAC module (string)

vendor : Schweitzer Engineering Laboratories (string)

versions : [ »

0 : { »

lessThan : R150-V2 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

1 : { »

lessThan : R149-V4 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

2 : { »

lessThan : R148-V7 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

3 : { »

lessThan : R147-V6 (string)

status : affected (string)

version : R147-V0 (string)

versionType : custom (string)

}

]

}

9 : { »

defaultStatus : unaffected (string)

modules : [ »

0 : Web management interface (string)

]

platforms : [ »

0 : Linux (string)

]

product : SEL-3350 (string)

vendor : Schweitzer Engineering Laboratories (string)

versions : [ »

0 : { »

lessThan : R150-V2 (string)

status : affected (string)

version : R148-V0 (string)

versionType : custom (string)

}

1 : { »

lessThan : R149-V4 (string)

status : affected (string)

version : R148-V0 (string)

versionType : custom (string)

}

2 : { »

lessThan : R148-V7 (string)

status : affected (string)

version : R148-V0 (string)

versionType : custom (string)

}

]

}

]

credits : [ »

0 : { »

lang : en (string)

type : reporter (string)

user : 00000000-0000-4000-9000-000000000000 (string)

value : Andrea Palanca, Nozomi Networks (string)

}

]

datePublic : 2023-05-10T07:00:00.000Z (string)

descriptions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack. See SEL Service Bulletin dated 2022-11-15 for more details. (string)

}

]

value : An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack. See SEL Service Bulletin dated 2022-11-15 for more details. (string)

}

]

impacts : [ »

0 : { »

capecId : CAPEC-94 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : CAPEC-94 Man in the Middle Attack (string)

}

]

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : HIGH (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 4.7 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : NONE (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N (string)

version : 3.1 (string)

}

format : CVSS (string)

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-295 (string)

description : CWE-295 Improper Certificate Validation (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

orgId : 5804bb70-792c-43e0-8596-486cc0efe699 (string)

shortName : SEL (string)

dateUpdated : 2023-05-10T19:21:30.649Z (string)

}

references : [ »

0 : { »

url : https://selinc.com/support/security-notifications/external-reports/ (string)

}

1 : { »

url : https://www.nozominetworks.com/blog/ (string)

}

]

source : { »

discovery : EXTERNAL (string)

}

title : Improper Certificate Validation (string)

x_generator : { »

engine : Vulnogram 0.1.0-dev (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T14:45:25.853Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://selinc.com/support/security-notifications/external-reports/ (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://www.nozominetworks.com/blog/ (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

1 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2025-01-24T19:04:00.595043Z (string)

id : CVE-2023-31151 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-01-24T19:04:04.464Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://selinc.com/support/security-notifications/external-reports/", "tags": ["x_transferred"]}, {"url": "https://www.nozominetworks.com/blog/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:45:25.853Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-31151", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-24T19:04:00.595043Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-24T19:03:54.551Z"}}], "cna": {"title": "Improper Certificate Validation", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Andrea Palanca, Nozomi Networks"}], "impacts": [{"capecId": "CAPEC-94", "descriptions": [{"lang": "en", "value": "CAPEC-94 Man in the Middle Attack"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Schweitzer Engineering Laboratories", "modules": ["Web management interface"], "product": "SEL-3505", "versions": [{"status": "affected", "version": "R147-V0", "lessThan": "R150-V2", "versionType": "custom"}, {"status": "affected", "version": "R147-V0", "lessThan": "R149-V4", "versionType": "custom"}, {"status": "affected", "version": "R147-V0", "lessThan": "R148-V7", "versionType": "custom"}, {"status": "affected", "version": "R147-V0", "lessThan": "R147-V6", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "Schweitzer Engineering Laboratories", "modules": ["Web management interface"], "product": "SEL-3505-3", "versions": [{"status": "affected", "version": "R147-V0", "lessThan": "R150-V2", "versionType": "custom"}, {"status": "affected", "version": "R147-V0", "lessThan": "R149-V4", "versionType": "custom"}, {"status": "affected", "version": "R147-V0", "lessThan": "R148-V7", "versionType": "custom"}, {"status": "affected", "version": "R147-V0", "lessThan": "R147-V6", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "Schweitzer Engineering Laboratories", "modules": ["Web management interface"], "product": "SEL-3530", "versions": [{"status": "affected", "version": "R147-V0", "lessThan": "R150-V2", "versionType": "custom"}, {"status": "affected", "version": "R147-V0", "lessThan": "R149-V4", "versionType": "custom"}, {"status": "affected", "version": "R147-V0", "lessThan": "R148-V7", "versionType": "custom"}, {"status": "affected", "version": "R147-V0", "lessThan": "R147-V6", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "Schweitzer Engineering Laboratories", "modules": ["Web management interface"], "product": "SEL-3530-4", "versions": [{"status": "affected", "version": "R147-V0", "lessThan": "R150-V2", "versionType": "custom"}, {"status": "affected", "version": "R147-V0", "lessThan": "R149-V4", "versionType": "custom"}, {"status": "affected", "version": "R147-V0", "lessThan": "R148-V7", "versionType": "custom"}, {"status": "affected", "version": "R147-V0", "lessThan": "R147-V6", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "Schweitzer Engineering Laboratories", "modules": ["Web management interface"], "product": "SEL-3532", "versions": [{"status": "affected", "version": "R147-V0", "lessThan": "R150-V2", "versionType": "custom"}, {"status": "affected", "version": "R147-V0", "lessThan": "R149-V4", "versionType": "custom"}, {"status": "affected", "version": "R147-V0", "lessThan": "R148-V7", "versionType": "custom"}, {"status": "affected", "version": "R147-V0", "lessThan": "R147-V6", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "Schweitzer Engineering Laboratories", "modules": ["Web management interface"], "product": "SEL-3555", "versions": [{"status": "affected", "version": "R147-V0", "lessThan": "R150-V2", "versionType": "custom"}, {"status": "affected", "version": "R147-V0", "lessThan": "R149-V4", "versionType": "custom"}, {"status": "affected", "version": "R147-V0", "lessThan": "R148-V7", "versionType": "custom"}, {"status": "affected", "version": "R147-V0", "lessThan": "R147-V6", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "Schweitzer Engineering Laboratories", "modules": ["Web management interface"], "product": "SEL-3560S", "versions": [{"status": "affected", "version": "R147-V0", "lessThan": "R150-V2", "versionType": "custom"}, {"status": "affected", "version": "R147-V0", "lessThan": "R149-V4", "versionType": "custom"}, {"status": "affected", "version": "R147-V0", "lessThan": "R148-V7", "versionType": "custom"}, {"status": "affected", "version": "R147-V0", "lessThan": "R147-V6", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "Schweitzer Engineering Laboratories", "modules": ["Web management interface"], "product": "SEL-3560E", "versions": [{"status": "affected", "version": "R147-V0", "lessThan": "R150-V2", "versionType": "custom"}, {"status": "affected", "version": "R147-V0", "lessThan": "R149-V4", "versionType": "custom"}, {"status": "affected", "version": "R147-V0", "lessThan": "R148-V7", "versionType": "custom"}, {"status": "affected", "version": "R147-V0", "lessThan": "R147-V6", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "Schweitzer Engineering Laboratories", "modules": ["Web management interface"], "product": "SEL-2241 RTAC module", "versions": [{"status": "affected", "version": "R147-V0", "lessThan": "R150-V2", "versionType": "custom"}, {"status": "affected", "version": "R147-V0", "lessThan": "R149-V4", "versionType": "custom"}, {"status": "affected", "version": "R147-V0", "lessThan": "R148-V7", "versionType": "custom"}, {"status": "affected", "version": "R147-V0", "lessThan": "R147-V6", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "Schweitzer Engineering Laboratories", "modules": ["Web management interface"], "product": "SEL-3350", "versions": [{"status": "affected", "version": "R148-V0", "lessThan": "R150-V2", "versionType": "custom"}, {"status": "affected", "version": "R148-V0", "lessThan": "R149-V4", "versionType": "custom"}, {"status": "affected", "version": "R148-V0", "lessThan": "R148-V7", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}], "datePublic": "2023-05-10T07:00:00.000Z", "references": [{"url": "https://selinc.com/support/security-notifications/external-reports/"}, {"url": "https://www.nozominetworks.com/blog/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An Improper Certificate Validation vulnerability \n\nin the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface\n\ncould allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack.\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "An Improper Certificate Validation vulnerability \n\nin the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface\n\ncould allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack.<br><p>See SEL Service Bulletin dated 2022-11-15 for more details.\n\n<br></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation"}]}], "providerMetadata": {"orgId": "5804bb70-792c-43e0-8596-486cc0efe699", "shortName": "SEL", "dateUpdated": "2023-05-10T19:21:30.649Z"}}}, "cveMetadata": {"cveId": "CVE-2023-31151", "state": "PUBLISHED", "dateUpdated": "2025-01-24T19:04:04.464Z", "dateReserved": "2023-04-24T23:19:04.957Z", "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699", "datePublished": "2023-05-10T19:21:30.649Z", "assignerShortName": "SEL"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://selinc.com/support/security-notifications/external-reports/ (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://www.nozominetworks.com/blog/ (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T14:45:25.853Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2023-31151 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2025-01-24T19:04:00.595043Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-01-24T19:03:54.551Z (string)

}

]

cna : { »

title : Improper Certificate Validation (string)

source : { »

discovery : EXTERNAL (string)

}

credits : [ »

0 : { »

lang : en (string)

type : reporter (string)

user : 00000000-0000-4000-9000-000000000000 (string)

value : Andrea Palanca, Nozomi Networks (string)

}

]

impacts : [ »

0 : { »

capecId : CAPEC-94 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : CAPEC-94 Man in the Middle Attack (string)

}

]

}

]

metrics : [ »

0 : { »

format : CVSS (string)

cvssV3_1 : { »

scope : CHANGED (string)

version : 3.1 (string)

baseScore : 4.7 (number)

attackVector : NETWORK (string)

baseSeverity : MEDIUM (string)

vectorString : CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N (string)

integrityImpact : LOW (string)

userInteraction : REQUIRED (string)

attackComplexity : HIGH (string)

availabilityImpact : NONE (string)

privilegesRequired : NONE (string)

confidentialityImpact : LOW (string)

}

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

affected : [ »

0 : { »

vendor : Schweitzer Engineering Laboratories (string)

modules : [ »

0 : Web management interface (string)

]

product : SEL-3505 (string)

versions : [ »

0 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R150-V2 (string)

versionType : custom (string)

}

1 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R149-V4 (string)

versionType : custom (string)

}

2 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R148-V7 (string)

versionType : custom (string)

}

3 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R147-V6 (string)

versionType : custom (string)

}

]

platforms : [ »

0 : Linux (string)

]

defaultStatus : unaffected (string)

}

1 : { »

vendor : Schweitzer Engineering Laboratories (string)

modules : [ »

0 : Web management interface (string)

]

product : SEL-3505-3 (string)

versions : [ »

0 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R150-V2 (string)

versionType : custom (string)

}

1 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R149-V4 (string)

versionType : custom (string)

}

2 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R148-V7 (string)

versionType : custom (string)

}

3 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R147-V6 (string)

versionType : custom (string)

}

]

platforms : [ »

0 : Linux (string)

]

defaultStatus : unaffected (string)

}

2 : { »

vendor : Schweitzer Engineering Laboratories (string)

modules : [ »

0 : Web management interface (string)

]

product : SEL-3530 (string)

versions : [ »

0 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R150-V2 (string)

versionType : custom (string)

}

1 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R149-V4 (string)

versionType : custom (string)

}

2 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R148-V7 (string)

versionType : custom (string)

}

3 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R147-V6 (string)

versionType : custom (string)

}

]

platforms : [ »

0 : Linux (string)

]

defaultStatus : unaffected (string)

}

3 : { »

vendor : Schweitzer Engineering Laboratories (string)

modules : [ »

0 : Web management interface (string)

]

product : SEL-3530-4 (string)

versions : [ »

0 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R150-V2 (string)

versionType : custom (string)

}

1 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R149-V4 (string)

versionType : custom (string)

}

2 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R148-V7 (string)

versionType : custom (string)

}

3 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R147-V6 (string)

versionType : custom (string)

}

]

platforms : [ »

0 : Linux (string)

]

defaultStatus : unaffected (string)

}

4 : { »

vendor : Schweitzer Engineering Laboratories (string)

modules : [ »

0 : Web management interface (string)

]

product : SEL-3532 (string)

versions : [ »

0 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R150-V2 (string)

versionType : custom (string)

}

1 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R149-V4 (string)

versionType : custom (string)

}

2 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R148-V7 (string)

versionType : custom (string)

}

3 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R147-V6 (string)

versionType : custom (string)

}

]

platforms : [ »

0 : Linux (string)

]

defaultStatus : unaffected (string)

}

5 : { »

vendor : Schweitzer Engineering Laboratories (string)

modules : [ »

0 : Web management interface (string)

]

product : SEL-3555 (string)

versions : [ »

0 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R150-V2 (string)

versionType : custom (string)

}

1 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R149-V4 (string)

versionType : custom (string)

}

2 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R148-V7 (string)

versionType : custom (string)

}

3 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R147-V6 (string)

versionType : custom (string)

}

]

platforms : [ »

0 : Linux (string)

]

defaultStatus : unaffected (string)

}

6 : { »

vendor : Schweitzer Engineering Laboratories (string)

modules : [ »

0 : Web management interface (string)

]

product : SEL-3560S (string)

versions : [ »

0 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R150-V2 (string)

versionType : custom (string)

}

1 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R149-V4 (string)

versionType : custom (string)

}

2 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R148-V7 (string)

versionType : custom (string)

}

3 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R147-V6 (string)

versionType : custom (string)

}

]

platforms : [ »

0 : Linux (string)

]

defaultStatus : unaffected (string)

}

7 : { »

vendor : Schweitzer Engineering Laboratories (string)

modules : [ »

0 : Web management interface (string)

]

product : SEL-3560E (string)

versions : [ »

0 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R150-V2 (string)

versionType : custom (string)

}

1 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R149-V4 (string)

versionType : custom (string)

}

2 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R148-V7 (string)

versionType : custom (string)

}

3 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R147-V6 (string)

versionType : custom (string)

}

]

platforms : [ »

0 : Linux (string)

]

defaultStatus : unaffected (string)

}

8 : { »

vendor : Schweitzer Engineering Laboratories (string)

modules : [ »

0 : Web management interface (string)

]

product : SEL-2241 RTAC module (string)

versions : [ »

0 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R150-V2 (string)

versionType : custom (string)

}

1 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R149-V4 (string)

versionType : custom (string)

}

2 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R148-V7 (string)

versionType : custom (string)

}

3 : { »

status : affected (string)

version : R147-V0 (string)

lessThan : R147-V6 (string)

versionType : custom (string)

}

]

platforms : [ »

0 : Linux (string)

]

defaultStatus : unaffected (string)

}

9 : { »

vendor : Schweitzer Engineering Laboratories (string)

modules : [ »

0 : Web management interface (string)

]

product : SEL-3350 (string)

versions : [ »

0 : { »

status : affected (string)

version : R148-V0 (string)

lessThan : R150-V2 (string)

versionType : custom (string)

}

1 : { »

status : affected (string)

version : R148-V0 (string)

lessThan : R149-V4 (string)

versionType : custom (string)

}

2 : { »

status : affected (string)

version : R148-V0 (string)

lessThan : R148-V7 (string)

versionType : custom (string)

}

]

platforms : [ »

0 : Linux (string)

]

defaultStatus : unaffected (string)

}

]

datePublic : 2023-05-10T07:00:00.000Z (string)

references : [ »

0 : { »

url : https://selinc.com/support/security-notifications/external-reports/ (string)

}

1 : { »

url : https://www.nozominetworks.com/blog/ (string)

}

]

x_generator : { »

engine : Vulnogram 0.1.0-dev (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack. See SEL Service Bulletin dated 2022-11-15 for more details. (string)

supportingMedia : [ »

0 : { »

type : text/html (string)

value : An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack. See SEL Service Bulletin dated 2022-11-15 for more details. (string)

base64 : false (boolean)

}

]

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-295 (string)

description : CWE-295 Improper Certificate Validation (string)

}

]

}

]

providerMetadata : { »

orgId : 5804bb70-792c-43e0-8596-486cc0efe699 (string)

shortName : SEL (string)

dateUpdated : 2023-05-10T19:21:30.649Z (string)

}

cveMetadata : { »

cveId : CVE-2023-31151 (string)

state : PUBLISHED (string)

dateUpdated : 2025-01-24T19:04:04.464Z (string)

dateReserved : 2023-04-24T23:19:04.957Z (string)

assignerOrgId : 5804bb70-792c-43e0-8596-486cc0efe699 (string)

datePublished : 2023-05-10T19:21:30.649Z (string)

assignerShortName : SEL (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:selinc:sel-2241_rtac_module_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB329AB0-9D1C-4D59-B8BE-D04DF89B9CB6", "versionEndExcluding": "r150-v2", "versionStartIncluding": "r147-v0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:selinc:sel-2241_rtac_module:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE4A1AB9-1190-4620-BF97-4A5569E74310", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:selinc:sel-3350_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "490EC90A-C8C4-4AEA-90E8-DA1C6D11932C", "versionEndExcluding": "r150-v2", "versionStartIncluding": "r148-v0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:selinc:sel-3350:-:*:*:*:*:*:*:*", "matchCriteriaId": "FCA7F410-7F74-4EF1-913E-7B34674716DC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:selinc:sel-3505_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "20A834EB-DE61-4C04-A2D9-E1650E774DB2", "versionEndExcluding": "r150-v2", "versionStartIncluding": "r147-v0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:selinc:sel-3505:-:*:*:*:*:*:*:*", "matchCriteriaId": "14D78E73-46F2-4D00-A75B-909752E36EB4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:selinc:sel-3505-3_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "01FAF35B-5F98-4C36-B4F9-0C86FD4320CA", "versionEndExcluding": "r150-v2", "versionStartIncluding": "r147-v0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:selinc:sel-3505-3:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A479C2B-F691-4E04-B551-9F631E5A2A0F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:selinc:sel-3530_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6226FB3D-260D-4F8B-B7D3-B9EA50D80855", "versionEndExcluding": "r150-v2", "versionStartIncluding": "r147-v0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:selinc:sel-3530:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E56BC08-9C49-4614-8F52-3413B804A128", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:selinc:sel-3530-4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC6D5138-45BB-4297-AAC6-78236C0A1487", "versionEndExcluding": "r150-v2", "versionStartIncluding": "r147-v0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:selinc:sel-3530-4:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB424E1B-2AE3-449E-9AA1-2AF48C1920FB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:selinc:sel-3532_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E536C912-E3A2-4344-9162-7E00F8C4298D", "versionEndExcluding": "r150-v2", "versionStartIncluding": "r147-v0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:selinc:sel-3532:-:*:*:*:*:*:*:*", "matchCriteriaId": "E573857F-C6DC-4E59-8F5B-4C51ED4D69DB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:selinc:sel-3555_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0646EA5-FC40-4601-8958-47F0255EDA9F", "versionEndExcluding": "r150-v2", "versionStartIncluding": "r147-v0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:selinc:sel-3555:-:*:*:*:*:*:*:*", "matchCriteriaId": "282F6DB1-4B0F-424F-B5E4-0827F1E7EE6F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:selinc:sel-3560e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "052FF575-FDDE-4C78-97C5-97D1712F8785", "versionEndExcluding": "r150-v2", "versionStartIncluding": "r147-v0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:selinc:sel-3560e:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3EB8694-DC56-4E35-9659-B2787F872E08", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:selinc:sel-3560s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "15CCDC18-5789-4B05-8944-9C87B1F58DEC", "versionEndExcluding": "r150-v2", "versionStartIncluding": "r147-v0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:selinc:sel-3560s:-:*:*:*:*:*:*:*", "matchCriteriaId": "F9D2A4A4-B81E-4034-863D-900D95166543", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An Improper Certificate Validation vulnerability \n\nin the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface\n\ncould allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack.\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n"}], "id": "CVE-2023-31151", "lastModified": "2024-11-21T08:01:30.033", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 2.7, "source": "security@selinc.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-10T20:15:10.147", "references": [{"source": "security@selinc.com", "tags": ["Vendor Advisory"], "url": "https://selinc.com/support/security-notifications/external-reports/"}, {"source": "security@selinc.com", "tags": ["Third Party Advisory"], "url": "https://www.nozominetworks.com/blog/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://selinc.com/support/security-notifications/external-reports/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.nozominetworks.com/blog/"}], "sourceIdentifier": "security@selinc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "security@selinc.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:selinc:sel-2241_rtac_module_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : FB329AB0-9D1C-4D59-B8BE-D04DF89B9CB6 (string)

versionEndExcluding : r150-v2 (string)

versionStartIncluding : r147-v0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:selinc:sel-2241_rtac_module:-:*:*:*:*:*:*:* (string)

matchCriteriaId : FE4A1AB9-1190-4620-BF97-4A5569E74310 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:selinc:sel-3350_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 490EC90A-C8C4-4AEA-90E8-DA1C6D11932C (string)

versionEndExcluding : r150-v2 (string)

versionStartIncluding : r148-v0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:selinc:sel-3350:-:*:*:*:*:*:*:* (string)

matchCriteriaId : FCA7F410-7F74-4EF1-913E-7B34674716DC (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:selinc:sel-3505_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 20A834EB-DE61-4C04-A2D9-E1650E774DB2 (string)

versionEndExcluding : r150-v2 (string)

versionStartIncluding : r147-v0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:selinc:sel-3505:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 14D78E73-46F2-4D00-A75B-909752E36EB4 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:selinc:sel-3505-3_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 01FAF35B-5F98-4C36-B4F9-0C86FD4320CA (string)

versionEndExcluding : r150-v2 (string)

versionStartIncluding : r147-v0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:selinc:sel-3505-3:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 8A479C2B-F691-4E04-B551-9F631E5A2A0F (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:selinc:sel-3530_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 6226FB3D-260D-4F8B-B7D3-B9EA50D80855 (string)

versionEndExcluding : r150-v2 (string)

versionStartIncluding : r147-v0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:selinc:sel-3530:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 8E56BC08-9C49-4614-8F52-3413B804A128 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

5 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:selinc:sel-3530-4_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : EC6D5138-45BB-4297-AAC6-78236C0A1487 (string)

versionEndExcluding : r150-v2 (string)

versionStartIncluding : r147-v0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:selinc:sel-3530-4:-:*:*:*:*:*:*:* (string)

matchCriteriaId : BB424E1B-2AE3-449E-9AA1-2AF48C1920FB (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

6 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:selinc:sel-3532_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : E536C912-E3A2-4344-9162-7E00F8C4298D (string)

versionEndExcluding : r150-v2 (string)

versionStartIncluding : r147-v0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:selinc:sel-3532:-:*:*:*:*:*:*:* (string)

matchCriteriaId : E573857F-C6DC-4E59-8F5B-4C51ED4D69DB (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

7 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:selinc:sel-3555_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D0646EA5-FC40-4601-8958-47F0255EDA9F (string)

versionEndExcluding : r150-v2 (string)

versionStartIncluding : r147-v0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:selinc:sel-3555:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 282F6DB1-4B0F-424F-B5E4-0827F1E7EE6F (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

8 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:selinc:sel-3560e_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 052FF575-FDDE-4C78-97C5-97D1712F8785 (string)

versionEndExcluding : r150-v2 (string)

versionStartIncluding : r147-v0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:selinc:sel-3560e:-:*:*:*:*:*:*:* (string)

matchCriteriaId : A3EB8694-DC56-4E35-9659-B2787F872E08 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

9 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:selinc:sel-3560s_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 15CCDC18-5789-4B05-8944-9C87B1F58DEC (string)

versionEndExcluding : r150-v2 (string)

versionStartIncluding : r147-v0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:selinc:sel-3560s:-:*:*:*:*:*:*:* (string)

matchCriteriaId : F9D2A4A4-B81E-4034-863D-900D95166543 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack. See SEL Service Bulletin dated 2022-11-15 for more details. (string)

}

]

id : CVE-2023-31151 (string)

lastModified : 2024-11-21T08:01:30.033 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : HIGH (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 4.7 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : NONE (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 1.6 (number)

impactScore : 2.7 (number)

source : security@selinc.com (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : HIGH (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 4.2 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 1.6 (number)

impactScore : 2.5 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2023-05-10T20:15:10.147 (string)

references : [ »

0 : { »

source : security@selinc.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://selinc.com/support/security-notifications/external-reports/ (string)

}

1 : { »

source : security@selinc.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://www.nozominetworks.com/blog/ (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://selinc.com/support/security-notifications/external-reports/ (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://www.nozominetworks.com/blog/ (string)

}

]

sourceIdentifier : security@selinc.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-295 (string)

}

]

source : security@selinc.com (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-295 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object