Lucene search

SELCVELIST:CVE-2023-34388

HistoryNov 30, 2023 - 4:54 p.m.

CVE-2023-34388 Improper authentication could lead to session hijacking

2023-11-3016:54:08

CWE-287

SEL

www.cve.org

cve-2023-34388

schweitzer engineering laboratories

session hijacking

authentication vulnerability

remote attacker

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

9.7

Confidence

High

EPSS

0.001

Percentile

50.9%

JSON

An Improper Authentication vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote unauthenticated attacker to potentially perform session hijacking attack and bypass authentication.

See product Instruction Manual Appendix A dated 20230830 for more details.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SEL-451",
    "vendor": "Schweitzer Engineering Laboratories",
    "versions": [
      {
        "lessThan": "R315-V4",
        "status": "affected",
        "version": "R315-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R316-V4",
        "status": "affected",
        "version": "R316-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R317-V4",
        "status": "affected",
        "version": "R317-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R318-V5",
        "status": "affected",
        "version": "R318-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R320-V3",
        "status": "affected",
        "version": "R320-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R321-V3",
        "status": "affected",
        "version": "R321-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R322-V3",
        "status": "affected",
        "version": "R322-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R323-V5",
        "status": "affected",
        "version": "R323-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R324-V4",
        "status": "affected",
        "version": "R324-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R325-V3",
        "status": "affected",
        "version": "R325-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R326-V1",
        "status": "affected",
        "version": "R326-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R327-V1",
        "status": "affected",
        "version": "R327-V0",
        "versionType": "custom"
      }
    ]
  }
]

References

selinc.com/support/security-notifications/external-reports/

www.nozominetworks.com/blog/

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

9.7

Confidence

High

EPSS

0.001

Percentile

50.9%

JSON

Related for CVELIST:CVE-2023-34388