CVE-2023-31175

Name of the Vulnerable Software and Affected Versions Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator versions prior to 4.5.0.20

Description The issue is related to an Execution with Unnecessary Privileges vulnerability in the SEL-5037 SEL Grid Configurator, which could allow an attacker to run system commands with the highest level privilege on the system. This vulnerability is associated with errors in privilege management.

Recommendations For versions prior to 4.5.0.20, update to version 4.5.0.20 or later to resolve the issue. As a temporary workaround, consider restricting access to system commands to minimize the risk of exploitation. Refer to Instruction Manual Appendix A and Appendix E dated 20230615 for more details.