CVE-2024-2103
Inclusion of Undocumented Features
In short
Schweitzer Engineering Laboratories relays contain hidden, undocumented features that can be accessed by users with administrator privileges, potentially causing the relay to behave unpredictably or malfunction.
Technical detail
CWE-1242 addresses inclusion of undocumented features in protected firmware/hardware. An authenticated attacker with privileged access can invoke these hidden functions to trigger unexpected relay behavior, affecting critical power protection infrastructure; exploitation requires administrative credentials and direct system access.
Summary generated and translated by AI from the official description.
Inclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably:
SEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection Relay, SEL-710-5 Motor Protection Relay, SEL-751 Feeder Protection Relay, SEL-787-2/-3/-4 Transformer Protection Relay, SEL-787Z High-Impedance Differential Relay
. See product instruction manual appendix A dated 20240308 for more details regarding the SEL-751 Feeder Protection Relay. For more information for the other affected products, see their instruction manuals dated 20240329.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Affected products
Schweitzer Engineering Laboratories · SEL-700BT Motor Bus Transfer RelaySchweitzer Engineering Laboratories · SEL-700G Generator Protection RelaySchweitzer Engineering Laboratories · SEL-751 Feeder Protection RelaySchweitzer Engineering Laboratories · SEL-787-2/-3/-4 Transformer Protection RelaySchweitzer Engineering Laboratories · SEL-787Z High-Impedance Differential RelaySEL-710-5 Motor Protection Relay · SEL-710-5 Motor Protection RelayWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →