CVE-2023-34392

Name of the Vulnerable Software and Affected Versions Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator versions prior to 4.5.0.20

Description A Missing Authentication for Critical Function issue could allow an attacker to run arbitrary commands on managed devices by an authorized device operator. For more details, refer to Instruction Manual Appendix A and Appendix E dated 20230615.

Recommendations For versions prior to 4.5.0.20, update to version 4.5.0.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the SEL Grid Configurator to minimize the risk of exploitation.