Filtered by vendor Selinc
Subscribe
Total
47 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-31176 | 1 Selinc | 2 Sel-451, Sel-451 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow an unauthenticated remote attacker to brute-force session tokens and bypass authentication. See product Instruction Manual Appendix A dated 20230830 for more details. | |||||
| CVE-2023-34389 | 1 Selinc | 2 Sel-451, Sel-451 Firmware | 2023-12-10 | N/A | 6.5 MEDIUM |
| An allocation of resources without limits or throttling vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to make the system unavailable for an indefinite amount of time. See product Instruction Manual Appendix A dated 20230830 for more details. | |||||
| CVE-2023-2266 | 1 Selinc | 2 Sel-411l, Sel-411l Firmware | 2023-12-10 | N/A | 6.1 MEDIUM |
| An Improper neutralization of input during web page generation in the Schweitzer Engineering Laboratories SEL-411L could allow an attacker to generate cross-site scripting based attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more details. | |||||
| CVE-2023-31177 | 1 Selinc | 2 Sel-451, Sel-451 Firmware | 2023-12-10 | N/A | 6.1 MEDIUM |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the Schweitzer Engineering Laboratories SEL-451 could allow an attacker to craft a link that could execute arbitrary code on a victim's system. See product Instruction Manual Appendix A dated 20230830 for more details. | |||||
| CVE-2023-2265 | 1 Selinc | 2 Sel-411l, Sel-411l Firmware | 2023-12-10 | N/A | 6.1 MEDIUM |
| An Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user. See product Instruction Manual Appendix A dated 20230830 for more details. | |||||
| CVE-2023-2267 | 1 Selinc | 2 Sel-411l, Sel-411l Firmware | 2023-12-10 | N/A | 5.4 MEDIUM |
| An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more details. | |||||
| CVE-2023-34390 | 1 Selinc | 2 Sel-451, Sel-451 Firmware | 2023-12-10 | N/A | 6.5 MEDIUM |
| An input validation vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to create a denial of service against the system and locking out services. See product Instruction Manual Appendix A dated 20230830 for more details. | |||||
| CVE-2023-34388 | 1 Selinc | 2 Sel-451, Sel-451 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| An Improper Authentication vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote unauthenticated attacker to potentially perform session hijacking attack and bypass authentication. See product Instruction Manual Appendix A dated 20230830 for more details. | |||||
| CVE-2023-2264 | 1 Selinc | 2 Sel-411l, Sel-411l Firmware | 2023-12-10 | N/A | 7.8 HIGH |
| An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior. See product Instruction Manual Appendix A dated 20230830 for more details. | |||||
| CVE-2023-31175 | 1 Selinc | 1 Sel-5037 Sel Grid Configurator | 2023-12-10 | N/A | 9.8 CRITICAL |
| An Execution with Unnecessary Privileges vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run system commands with the highest level privilege on the system. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20. | |||||
| CVE-2023-34391 | 2 Microsoft, Selinc | 2 Windows, Sel-5033 Acselerator Real-time Automation Controller | 2023-12-10 | N/A | 5.5 MEDIUM |
| Insecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths. See Instruction Manual Appendix A [Cybersecurity] tag dated 20230522 for more details. This issue affects SEL-5033 AcSELerator RTAC Software: before 1.35.151.21000. | |||||
| CVE-2023-31173 | 2 Microsoft, Selinc | 2 Windows, Sel-5037 Sel Grid Configurator | 2023-12-10 | N/A | 8.4 HIGH |
| Use of Hard-coded Credentials vulnerability in Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator on Windows allows Authentication Bypass. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20. | |||||
| CVE-2023-31172 | 1 Selinc | 1 Sel-5030 Acselerator Quickset | 2023-12-10 | N/A | 7.4 HIGH |
| An Incomplete Filtering of Special Elements vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0. | |||||
| CVE-2023-31168 | 1 Selinc | 1 Sel-5030 Acselerator Quickset | 2023-12-10 | N/A | 6.5 MEDIUM |
| An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0. | |||||
| CVE-2023-31174 | 1 Selinc | 1 Sel-5037 Sel Grid Configurator | 2023-12-10 | N/A | 6.5 MEDIUM |
| A Cross-Site Request Forgery (CSRF) vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20. | |||||
| CVE-2023-31170 | 1 Selinc | 1 Sel-5030 Acselerator Quickset | 2023-12-10 | N/A | 6.5 MEDIUM |
| An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0. | |||||
| CVE-2023-31169 | 1 Selinc | 1 Sel-5030 Acselerator Quickset | 2023-12-10 | N/A | 5.7 MEDIUM |
| An Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0. | |||||
| CVE-2023-31167 | 2 Microsoft, Selinc | 2 Windows, Sel-5036 Acselerator Bay Screen Builder | 2023-12-10 | N/A | 8.1 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Schweitzer Engineering Laboratories SEL-5036 acSELerator Bay Screen Builder Software on Windows allows Relative Path Traversal. SEL acSELerator Bay Screen Builder software is distributed by SEL-5033 SEL acSELerator RTAC, SEL-5030 Quickset, and SEL Compass. CVE-2023-31167 and was patched in the acSELerator Bay Screen Builder release available on 20230602. Please contact SEL for additional details. This issue affects SEL-5036 acSELerator Bay Screen Builder Software: before 1.0.49152.778. | |||||
| CVE-2023-31171 | 1 Selinc | 1 Sel-5030 Acselerator Quickset | 2023-12-10 | N/A | 6.5 MEDIUM |
| An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0. | |||||
| CVE-2023-34392 | 1 Selinc | 1 Sel-5037 Sel Grid Configurator | 2023-12-10 | N/A | 8.8 HIGH |
| A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20. | |||||