CVE-2023-31176
published 2023-11-30CVE-2023-31176: An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow an unauthenticated remote attacker to brute-force session…
PriorityP262critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.93%
56.0th percentile
An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow an unauthenticated remote attacker to brute-force session tokens and bypass authentication.
See product Instruction Manual Appendix A dated 20230830 for more details.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schweitzer_engineering_laboratories | sel-451 | >= R315-V0 < R315-V4 | R315-V4 |
| schweitzer_engineering_laboratories | sel-451 | >= R316-V0 < R316-V4 | R316-V4 |
| schweitzer_engineering_laboratories | sel-451 | >= R317-V0 < R317-V4 | R317-V4 |
| schweitzer_engineering_laboratories | sel-451 | >= R318-V0 < R318-V5 | R318-V5 |
| schweitzer_engineering_laboratories | sel-451 | >= R320-V0 < R320-V3 | R320-V3 |
| schweitzer_engineering_laboratories | sel-451 | >= R321-V0 < R321-V3 | R321-V3 |
| schweitzer_engineering_laboratories | sel-451 | >= R322-V0 < R322-V3 | R322-V3 |
| schweitzer_engineering_laboratories | sel-451 | >= R323-V0 < R323-V5 | R323-V5 |
| schweitzer_engineering_laboratories | sel-451 | >= R324-V0 < R324-V4 | R324-V4 |
| schweitzer_engineering_laboratories | sel-451 | >= R325-V0 < R325-V3 | R325-V3 |
| schweitzer_engineering_laboratories | sel-451 | >= R326-V0 < R326-V1 | R326-V1 |
| schweitzer_engineering_laboratories | sel-451 | >= R327-V0 < R327-V1 | R327-V1 |
| selinc | sel-451_firmware | — | — |
| selinc | sel-451_firmware | — | — |
| selinc | sel-451_firmware | >= r315-v0 < r315-v4 | r315-v4 |
| selinc | sel-451_firmware | >= r316-v0 < r316-v4 | r316-v4 |
| selinc | sel-451_firmware | >= r317-v0 < r317-v4 | r317-v4 |
| selinc | sel-451_firmware | >= r318-v0 < r318-v5 | r318-v5 |
| selinc | sel-451_firmware | >= r320-v0 < r320-v3 | r320-v3 |
| selinc | sel-451_firmware | >= r321-v0 < r321-v3 | r321-v3 |
| selinc | sel-451_firmware | >= r322-v0 < r322-v3 | r322-v3 |
| selinc | sel-451_firmware | >= r323-v0 < r323-v5 | r323-v5 |
| selinc | sel-451_firmware | >= r324-v0 < r324-v4 | r324-v4 |
| selinc | sel-451_firmware | >= r325-v0 < r325-v3 | r325-v3 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-11-30
Published