CVE-2023-2310 : A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering

A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (MiTM) that could result in denial of service. See the ACSELERATOR RTAC SEL-5033 Software instruction manual date code 20210915 for more details.

Published 2023-05-10 20:15:10

Updated 2023-05-17 19:47:47

Source Schweitzer Engineering Laboratories, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2023-2310

Selinc » Sel-2241 Rtac Module Firmware
Versions from including (>=) r113-v0 and before (<) r150-v2
cpe:2.3:o:selinc:sel-2241_rtac_module_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Selinc » Sel-2241 Rtac Module » Version: N/A
Selinc » Sel-3350 Firmware
Versions from including (>=) r148-v0 and before (<) r150-v2
cpe:2.3:o:selinc:sel-3350_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Selinc » Sel-3350 » Version: N/A
Selinc » Sel-3505 Firmware
Versions from including (>=) r119-v0 and before (<) r150-v2
cpe:2.3:o:selinc:sel-3505_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Selinc » Sel-3505 » Version: N/A
Selinc » Sel-3505-3 Firmware
Versions from including (>=) r132-v0 and before (<) r150-v2
cpe:2.3:o:selinc:sel-3505-3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Selinc » Sel-3505-3 » Version: N/A
Selinc » Sel-3530 Firmware
Versions from including (>=) r100-v0 and before (<) r150-v2
cpe:2.3:o:selinc:sel-3530_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Selinc » Sel-3530 » Version: N/A
Selinc » Sel-3530-4 Firmware
Versions from including (>=) r108-v0 and before (<) r150-v2
cpe:2.3:o:selinc:sel-3530-4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Selinc » Sel-3530-4 » Version: N/A
Selinc » Sel-3532 Firmware
Versions from including (>=) r132-v0 and before (<) r150-v2
cpe:2.3:o:selinc:sel-3532_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Selinc » Sel-3532 » Version: N/A
Selinc » Sel-3555 Firmware
Versions from including (>=) r134-v0 and before (<) r150-v2
cpe:2.3:o:selinc:sel-3555_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Selinc » Sel-3555 » Version: N/A
Selinc » Sel-3560e Firmware
Versions from including (>=) r144-v2 and before (<) r150-v2
cpe:2.3:o:selinc:sel-3560e_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Selinc » Sel-3560e » Version: N/A
Selinc » Sel-3560s Firmware
Versions from including (>=) r144-v2 and before (<) r150-v2
cpe:2.3:o:selinc:sel-3560s_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Selinc » Sel-3560s » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2023-2310

EPSS FAQ

0.57%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 66 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-2310

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.3	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H	1.6	3.6	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High
6.8	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H	1.6	5.2	Schweitzer Engineering Laboratories, Inc.
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: High Availability: High

CWE ids for CVE-2023-2310

CWE-300 Channel Accessible by Non-Endpoint

The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.

Assigned by: security@selinc.com (Secondary)

References for CVE-2023-2310

https://selinc.com/support/security-notifications/external-reports/

Security Notifications - Issues Reported by External Organization or Individuals
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-2310

Products affected by CVE-2023-2310

Exploit prediction scoring system (EPSS) score for CVE-2023-2310

CVSS scores for CVE-2023-2310

CWE ids for CVE-2023-2310

References for CVE-2023-2310