Vulnerabilities > Selinc > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-10 | CVE-2023-31158 | Cross-site Scripting vulnerability in Selinc products An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 5.4 |
| 2023-05-10 | CVE-2023-31159 | Cross-site Scripting vulnerability in Selinc products An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 5.4 |
| 2023-05-10 | CVE-2023-31160 | Cross-site Scripting vulnerability in Selinc products An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 5.4 |
| 2023-05-10 | CVE-2023-31162 | Improper Input Validation vulnerability in Selinc products An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file. See SEL Service Bulletin dated 2022-11-15 for more details. | 4.3 |
| 2023-05-10 | CVE-2023-31163 | Cross-site Scripting vulnerability in Selinc products An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 5.4 |
| 2023-05-10 | CVE-2023-31164 | Cross-site Scripting vulnerability in Selinc products An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 5.4 |
| 2023-05-10 | CVE-2023-31165 | Cross-site Scripting vulnerability in Selinc products An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 5.4 |
| 2023-05-10 | CVE-2023-31166 | Path Traversal vulnerability in Selinc products An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system. See SEL Service Bulletin dated 2022-11-15 for more details. | 4.3 |
| 2018-07-24 | CVE-2018-10604 | Incorrect Default Permissions vulnerability in Selinc SEL Compass 3.0.5.1 SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution. | 6.5 |
| 2013-08-09 | CVE-2013-2798 | Improper Input Validation vulnerability in Selinc products Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line. | 4.7 |