CVE-2023-31177

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the Schweitzer Engineering Laboratories SEL-451 could allow an attacker to craft a link that could execute arbitrary code on a victim's system.



See product Instruction Manual Appendix A dated 20230830 for more details.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
SELCNA
4.3 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
VendorProductVersion
selincsel-451_firmware
r315-v0 ≤
𝑥
< r315-v4
selincsel-451_firmware
r316-v0 ≤
𝑥
< r316-v4
selincsel-451_firmware
r317-v0 ≤
𝑥
< r317-v4
selincsel-451_firmware
r318-v0 ≤
𝑥
< r318-v5
selincsel-451_firmware
r320-v0 ≤
𝑥
< r320-v3
selincsel-451_firmware
r321-v0 ≤
𝑥
< r321-v3
selincsel-451_firmware
r322-v0 ≤
𝑥
< r322-v3
selincsel-451_firmware
r323-v0 ≤
𝑥
< r323-v5
selincsel-451_firmware
r324-v0 ≤
𝑥
< r324-v4
selincsel-451_firmware
r325-v0 ≤
𝑥
< r325-v3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://selinc.com/support/security-notifications/external-reports/
https://www.nozominetworks.com/blog/
https://selinc.com/support/security-notifications/external-reports/
https://www.nozominetworks.com/blog/