Vulnerabilities > Selinc > High

DATE | CVE | VULNERABILITY TITLE | RISK
2023-11-30 | CVE-2023-2264 | Unspecified vulnerability in Selinc Sel-411L Firmware | 7.8
An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior. See product Instruction Manual Appendix A dated 20230830 for more details.
Tags: local, low complexity, selinc
2023-08-31 | CVE-2023-31167 | Path Traversal vulnerability in Selinc Sel-5036 Acselerator BAY Screen Builder | 8.1
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Schweitzer Engineering Laboratories SEL-5036 acSELerator Bay Screen Builder Software on Windows allows Relative Path Traversal. SEL acSELerator Bay Screen Builder software is distributed by SEL-5033 SEL acSELerator RTAC, SEL-5030 Quickset, and SEL Compass.
Tags: network, low complexity, selinc, CWE-22
2023-08-31 | CVE-2023-31172 | Unspecified vulnerability in Selinc Sel-5030 Acselerator Quickset | 7.4
An Incomplete Filtering of Special Elements vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.
Tags: network, low complexity, selinc
2023-08-31 | CVE-2023-31173 | Use of Hard-coded Credentials vulnerability in Selinc Sel-5037 SEL Grid Configurator | 8.4
Use of Hard-coded Credentials vulnerability in Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator on Windows allows Authentication Bypass. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.
Tags: local, low complexity, selinc, CWE-798
2023-08-31 | CVE-2023-34392 | Missing Authentication for Critical Function vulnerability in Selinc Sel-5037 SEL Grid Configurator | 8.8
A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.
Tags: network, low complexity, selinc, CWE-306
2023-05-10 | CVE-2023-31148 | Improper Input Validation vulnerability in Selinc products | 8.8
An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code. See SEL Service Bulletin dated 2022-11-15 for more details.
Tags: network, low complexity, selinc, CWE-20
2023-05-10 | CVE-2023-31149 | Improper Input Validation vulnerability in Selinc products | 8.8
An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code. See SEL Service Bulletin dated 2022-11-15 for more details.
Tags: network, low complexity, selinc, CWE-20
2023-05-10 | CVE-2023-31152 | Improper Authentication vulnerability in Selinc products | 8.8
An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication Bypass.
Tags: network, low complexity, selinc, CWE-287
2023-05-10 | CVE-2023-31161 | Improper Input Validation vulnerability in Selinc products | 8.8
An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow an authenticated remote attacker to use internal resources, allowing a variety of potential effects. See SEL Service Bulletin dated 2022-11-15 for more details.
Tags: network, low complexity, selinc, CWE-20
2018-07-24 | CVE-2018-10608 | Resource Exhaustion vulnerability in Selinc Acselerator Architect 2.2.24.0 | 7.8
SEL AcSELerator Architect version 2.2.24.0 and prior can be exploited when the AcSELerator Architect FTP client connects to a malicious FTP server, which may cause denial of service via 100% CPU utilization.
Tags: network, low complexity, selinc, CWE-400