PT-2023-5212 · Schweitzer Engineering Laboratories · Sel Grid Configurator

Andrea Palanca · Published 2023-06-15 · Updated 2023-09-05 · CVE-2023-31174

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator versions prior to 4.5.0.20

Description

A Cross-Site Request Forgery (CSRF) issue affects the SEL Grid Configurator, allowing an attacker to embed instructions that could be executed by an authorized device operator. This is due to insufficient authentication of executed requests. The issue can be exploited by a remote attacker to perform a CSRF attack.

Recommendations

For versions prior to 4.5.0.20, update to version 4.5.0.20 or later to resolve the issue. As a temporary workaround, consider implementing additional authentication measures to verify the authenticity of requests. Restrict access to the SEL Grid Configurator to minimize the risk of exploitation.

Fix

CSRF

Weakness Enumeration

Related Identifiers

BDU:2023-05820
CVE-2023-31174

Affected Products

Sel Grid Configurator