Filtered by vendor Selinc
Subscribe
Search
Total
16 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-2264 | 1 Selinc | 2 Sel-411l, Sel-411l Firmware | 2023-12-06 | N/A | 7.8 HIGH |
| An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior. See product Instruction Manual Appendix A dated 20230830 for more details. | |||||
| CVE-2023-2267 | 1 Selinc | 2 Sel-411l, Sel-411l Firmware | 2023-12-06 | N/A | 5.4 MEDIUM |
| An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more details. | |||||
| CVE-2023-2265 | 1 Selinc | 2 Sel-411l, Sel-411l Firmware | 2023-12-06 | N/A | 6.1 MEDIUM |
| An Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user. See product Instruction Manual Appendix A dated 20230830 for more details. | |||||
| CVE-2023-2266 | 1 Selinc | 2 Sel-411l, Sel-411l Firmware | 2023-12-06 | N/A | 6.1 MEDIUM |
| An Improper neutralization of input during web page generation in the Schweitzer Engineering Laboratories SEL-411L could allow an attacker to generate cross-site scripting based attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more details. | |||||
| CVE-2023-31177 | 1 Selinc | 2 Sel-451, Sel-451 Firmware | 2023-12-06 | N/A | 6.1 MEDIUM |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the Schweitzer Engineering Laboratories SEL-451 could allow an attacker to craft a link that could execute arbitrary code on a victim's system. See product Instruction Manual Appendix A dated 20230830 for more details. | |||||
| CVE-2023-31176 | 1 Selinc | 2 Sel-451, Sel-451 Firmware | 2023-12-06 | N/A | 9.8 CRITICAL |
| An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow an unauthenticated remote attacker to brute-force session tokens and bypass authentication. See product Instruction Manual Appendix A dated 20230830 for more details. | |||||
| CVE-2023-34390 | 1 Selinc | 2 Sel-451, Sel-451 Firmware | 2023-12-06 | N/A | 6.5 MEDIUM |
| An input validation vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to create a denial of service against the system and locking out services. See product Instruction Manual Appendix A dated 20230830 for more details. | |||||
| CVE-2023-34388 | 1 Selinc | 2 Sel-451, Sel-451 Firmware | 2023-12-06 | N/A | 9.8 CRITICAL |
| An Improper Authentication vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote unauthenticated attacker to potentially perform session hijacking attack and bypass authentication. See product Instruction Manual Appendix A dated 20230830 for more details. | |||||
| CVE-2023-34389 | 1 Selinc | 2 Sel-451, Sel-451 Firmware | 2023-12-06 | N/A | 6.5 MEDIUM |
| An allocation of resources without limits or throttling vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to make the system unavailable for an indefinite amount of time. See product Instruction Manual Appendix A dated 20230830 for more details. | |||||
| CVE-2018-10604 | 1 Selinc | 1 Sel Compass | 2020-08-31 | 6.5 MEDIUM | 8.8 HIGH |
| SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution. | |||||
| CVE-2018-10600 | 1 Selinc | 1 Acselerator Architect | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution (in certain situations on specific platforms), and denial of service attacks. | |||||
| CVE-2017-7928 | 1 Selinc | 4 Sel-3620, Sel-3620 Firmware, Sel-3622 and 1 more | 2019-10-09 | 7.5 HIGH | 10.0 CRITICAL |
| An Improper Access Control issue was discovered in Schweitzer Engineering Laboratories (SEL) SEL-3620 and SEL-3622 Security Gateway Versions R202 and, R203, R203-V1, R203-V2 and, R204, R204-V1. The device does not properly enforce access control while configured for NAT port forwarding, which may allow for unauthorized communications to downstream devices. | |||||
| CVE-2018-10608 | 1 Selinc | 1 Acselerator Architect | 2019-05-17 | 7.8 HIGH | 7.5 HIGH |
| SEL AcSELerator Architect version 2.2.24.0 and prior can be exploited when the AcSELerator Architect FTP client connects to a malicious FTP server, which may cause denial of service via 100% CPU utilization. Restart of the application is required. | |||||
| CVE-2013-2798 | 1 Selinc | 4 Sel-2241, Sel-3505, Sel-3530 and 1 more | 2013-08-12 | 4.7 MEDIUM | N/A |
| Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line. | |||||
| CVE-2013-2792 | 1 Selinc | 4 Sel-2241, Sel-3505, Sel-3530 and 1 more | 2013-08-12 | 7.1 HIGH | N/A |
| Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet. | |||||
| CVE-2013-0665 | 1 Selinc | 1 Acselerator Quickset | 2013-03-21 | 6.2 MEDIUM | N/A |
| Schweitzer Engineering Laboratories (SEL) AcSELerator QuickSet before 5.12.0.1 uses weak permissions for its Program Files directory, which allows local users to replace executable files, and consequently gain privileges, via standard filesystem operations. | |||||