PT-2023-5227 · Schweitzer Engineering Laboratories · Sel-5037 Sel Grid Configurator

Gabriele Quagliarella

Published

2023-08-31

Updated

2023-09-06

CVE-2023-31173

CVSS v3.1

8.4

High

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator versions prior to 4.5.0.20

Description The issue is related to the use of hard-coded credentials in the SEL-5037 SEL Grid Configurator, which allows authentication bypass. For more details, refer to the Instruction Manual Appendix A and Appendix E dated 20230615.

Recommendations For versions prior to 4.5.0.20, update to version 4.5.0.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the SEL Grid Configurator to minimize the risk of exploitation.

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

BDU:2023-05835

CVE-2023-31173

Affected Products

Sel-5037 Sel Grid Configurator

CVE-2023-31173

Weakness Enumeration

Related Identifiers

Affected Products

References · 7