An Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software co…
An Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.
The product does not properly handle when an input contains Unicode encoding.
https://cwe.mitre.org/data/definitions/176.html →Open in CWE collection →An attacker may provide a Unicode string to a system component that is not Unicode aware and use that to circumvent the filter or cause the classifying mechanism to fail to properly understanding the request. That may allow the attacker to slip malicious data past the content filter and/or possibly cause the application to route the request incorrectly.
https://capec.mitre.org/data/definitions/71.html →Open in CAPEC collection →| Product | Vendor | Status |
|---|---|---|
| sel-5030_acselerator_quickset | * | Tracked |