CVE-2023-34392
Missing Authentication for Critical Function
In short
The SEL-5037 SEL Grid Configurator fails to properly verify user identity before allowing critical operations, letting attackers run unauthorized commands on managed devices if they can access the tool.
Technical detail
Missing authentication controls on critical functions in SEL-5037 versions before 4.5.0.20 allow unauthenticated or insufficiently authenticated attackers to execute arbitrary commands on managed devices. An authorized device operator context may be assumed, but authentication bypass enables unauthorized command execution with high impact on system integrity and availability.
Summary generated and translated by AI from the official description.
A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator.
See Instruction Manual Appendix A and Appendix E dated 20230615 for more details.
This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Affected products
Schweitzer Engineering Laboratories · SEL-5037 SEL Grid ConfiguratorWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →