Lucene search

SELCVELIST:CVE-2023-31173

HistoryAug 31, 2023 - 3:30 p.m.

CVE-2023-31173 Use of Hard-coded Credentials

2023-08-3115:30:58

CWE-798

SEL

www.cve.org

schweitzer engineering labs

sel-5037

grid configurator

windows

authentication bypass

cve-2023-31173

CVSS3

7.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

21.5%

JSON

Use of Hard-coded Credentials vulnerability in Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator on Windows allows Authentication Bypass.

See Instruction Manual Appendix A and Appendix E dated 20230615 for more details.

This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "SEL-5037 SEL Grid Configurator",
    "vendor": "Schweitzer Engineering Laboratories",
    "versions": [
      {
        "lessThan": "4.5.0.20",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

selinc.com/support/security-notifications/external-reports/

www.nozominetworks.com/blog/

CVSS3

7.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

21.5%

JSON

Related for CVELIST:CVE-2023-31173