CVE-2023-34388
Improper authentication could lead to session hijacking
In short
The SEL-451 device has a flaw in how it checks if users are really who they claim to be. An attacker on the network could fake being a legitimate user and take over someone else's session without needing a password.
Technical detail
CWE-287 improper authentication in SEL-451 allows remote unauthenticated attackers to hijack valid sessions and bypass authentication controls. The vulnerability enables session takeover without valid credentials, potentially granting unauthorized access to device functions and configurations.
Summary generated and translated by AI from the official description.
An Improper Authentication vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote unauthenticated attacker to potentially perform session hijacking attack and bypass authentication.
See product Instruction Manual Appendix A dated 20230830 for more details.
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected products
Schweitzer Engineering Laboratories · SEL-451Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →