Lucene search

SELCVELIST:CVE-2023-34390

HistoryNov 30, 2023 - 4:54 p.m.

CVE-2023-34390 Improper input validation could lead to denial of service

2023-11-3016:54:54

CWE-20

SEL

www.cve.org

input validation

schweitzer engineering laboratories

remote attacker

denial of service

instruction manual

CVSS3

4.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

29.6%

JSON

An input validation vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to create a denial of service against the system and locking out services.

See product Instruction Manual Appendix A dated 20230830 for more details.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SEL-451",
    "vendor": "Schweitzer Engineering Laboratories",
    "versions": [
      {
        "lessThan": "R315-V4",
        "status": "affected",
        "version": "R315-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R316-V4",
        "status": "affected",
        "version": "R316-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R317-V4",
        "status": "affected",
        "version": "R317-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R318-V5",
        "status": "affected",
        "version": "R318-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R320-V3",
        "status": "affected",
        "version": "R320-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R321-V3",
        "status": "affected",
        "version": "R321-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R322-V3",
        "status": "affected",
        "version": "R322-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R323-V5",
        "status": "affected",
        "version": "R323-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R324-V4",
        "status": "affected",
        "version": "R324-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R325-V3",
        "status": "affected",
        "version": "R325-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R326-V1",
        "status": "affected",
        "version": "R326-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R327-V1",
        "status": "affected",
        "version": "R327-V0",
        "versionType": "custom"
      }
    ]
  }
]

References

selinc.com/support/security-notifications/external-reports/

www.nozominetworks.com/blog/

CVSS3

4.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

29.6%

JSON

Related for CVELIST:CVE-2023-34390