Lucene search

SELCVELIST:CVE-2023-34392

HistoryAug 31, 2023 - 3:31 p.m.

CVE-2023-34392 Missing Authentication for Critical Function

2023-08-3115:31:57

CWE-306

SEL

www.cve.org

cve-2023-34392

missing authentication

critical function

schweitzer engineering laboratories

arbitrary commands

managed devices

authorized device operator

instruction manual

appendix a

appendix e

sel-5037 grid configurator

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.002

Percentile

54.0%

JSON

A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator.

See Instruction Manual Appendix A and Appendix E dated 20230615 for more details.

This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "SEL-5037 SEL Grid Configurator",
    "vendor": "Schweitzer Engineering Laboratories",
    "versions": [
      {
        "lessThan": "4.5.0.20",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

selinc.com/support/security-notifications/external-reports/

www.nozominetworks.com/blog/

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.002

Percentile

54.0%

JSON

Related for CVELIST:CVE-2023-34392