CVE-2023-31166: Security Notifications - Issues Reported by External Organization or Individuals
An Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system.
See SEL Service Bulletin dated 2022-11-15 for more details.
Vulnerabilities are disclosed to SEL customers in three ways:
- For high-risk vulnerabilities—through a Service Bulletin
- For other vulnerabilities—through a revision to Appendix A of the affected product’s instruction manual
- For software products—through an addition to the Latest Software Versions page on the SEL website
After our private customer notification process is complete, we publish information about vulnerabilities reported to SEL as Security Notifications.
CVE ID | Description | Assigning CNA | Date Recorded
Please note, this notification listing is not a complete record of all product vulnerability disclosures or cybersecurity feature enhancements and includes only issues reported to SEL by external organizations or individuals.
Related news
Nine security flaws have been disclosed in electric power management products made by Schweitzer Engineering Laboratories (SEL). “The most severe of those nine vulnerabilities would allow a threat actor to facilitate remote code execution (RCE) on an engineering workstation,” Nozomi Networks said in a report published last week. The issues, tracked as CVE-2023-34392 and from CVE-2023-31168