cbcvebase.

Schweitzer Engineering Laboratories Sel-451 vulnerabilities

5 known vulnerabilities affecting schweitzer_engineering_laboratories/sel-451.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2023-31176P2CRITICALCVSS 9.8≥ R315-V0, < R315-V4≥ R316-V0, < R316-V4+10 more2023-11-30
CVE-2023-31176 [CRITICAL] CWE-331 CVE-2023-31176: An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow an unauthenticated remote attacker to brute-force session tokens and bypass authentication. See product Instruction Manual Appendix A dated 20230830 for more details.
nvd
CVE-2023-34388P2CRITICALCVSS 9.8≥ R315-V0, < R315-V4≥ R316-V0, < R316-V4+10 more2023-11-30
CVE-2023-34388 [CRITICAL] CWE-287 CVE-2023-34388: An Improper Authentication vulnerability in the Schweitzer Engineering Laboratories SEL-451 could al An Improper Authentication vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote unauthenticated attacker to potentially perform session hijacking attack and bypass authentication. See product Instruction Manual Appendix A dated 20230830 for more details.
nvd
CVE-2023-34389P4MEDIUMCVSS 6.5≥ R315-V0, < R315-V4≥ R316-V0, < R316-V4+10 more2023-11-30
CVE-2023-34389 [MEDIUM] CWE-770 CVE-2023-34389: An allocation of resources without limits or throttling vulnerability in the Schweitzer Engineering An allocation of resources without limits or throttling vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to make the system unavailable for an indefinite amount of time. See product Instruction Manual Appendix A dated 20230830 for more details.
nvd
CVE-2023-34390P4MEDIUMCVSS 6.5≥ R315-V0, < R315-V4≥ R316-V0, < R316-V4+10 more2023-11-30
CVE-2023-34390 [MEDIUM] CWE-20 CVE-2023-34390: An input validation vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a r An input validation vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to create a denial of service against the system and locking out services. See product Instruction Manual Appendix A dated 20230830 for more details.
nvd
CVE-2023-31177P4MEDIUMCVSS 6.1≥ R315-V0, < R315-V4≥ R316-V0, < R316-V4+10 more2023-11-30
CVE-2023-31177 [MEDIUM] CWE-79 CVE-2023-31177: An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the Schw An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the Schweitzer Engineering Laboratories SEL-451 could allow an attacker to craft a link that could execute arbitrary code on a victim's system. See product Instruction Manual Appendix A dated 20230830 for more details.
nvd
Schweitzer Engineering Laboratories Sel-451 vulnerabilities | cvebase