Schweitzer Engineering Laboratories Sel-451 vulnerabilities
5 known vulnerabilities affecting schweitzer_engineering_laboratories/sel-451.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2023-31176P2CRITICALCVSS 9.8≥ R315-V0, < R315-V4≥ R316-V0, < R316-V4+10 more2023-11-30
CVE-2023-31176 [CRITICAL] CWE-331 CVE-2023-31176: An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow
An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow an unauthenticated remote attacker to brute-force session tokens and bypass authentication.
See product Instruction Manual Appendix A dated 20230830 for more details.
nvd
CVE-2023-34388P2CRITICALCVSS 9.8≥ R315-V0, < R315-V4≥ R316-V0, < R316-V4+10 more2023-11-30
CVE-2023-34388 [CRITICAL] CWE-287 CVE-2023-34388: An Improper Authentication vulnerability in the Schweitzer Engineering Laboratories SEL-451 could al
An Improper Authentication vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote unauthenticated attacker to potentially perform session hijacking attack and bypass authentication.
See product Instruction Manual Appendix A dated 20230830 for more details.
nvd
CVE-2023-34389P4MEDIUMCVSS 6.5≥ R315-V0, < R315-V4≥ R316-V0, < R316-V4+10 more2023-11-30
CVE-2023-34389 [MEDIUM] CWE-770 CVE-2023-34389: An allocation of resources without limits or throttling vulnerability in the Schweitzer Engineering
An allocation of resources without limits or throttling vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to make the system unavailable for an indefinite amount of time.
See product Instruction Manual Appendix A dated 20230830 for more details.
nvd
CVE-2023-34390P4MEDIUMCVSS 6.5≥ R315-V0, < R315-V4≥ R316-V0, < R316-V4+10 more2023-11-30
CVE-2023-34390 [MEDIUM] CWE-20 CVE-2023-34390: An input validation vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a r
An input validation vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to create a denial of service against the system and locking out services.
See product Instruction Manual Appendix A dated 20230830 for more details.
nvd
CVE-2023-31177P4MEDIUMCVSS 6.1≥ R315-V0, < R315-V4≥ R316-V0, < R316-V4+10 more2023-11-30
CVE-2023-31177 [MEDIUM] CWE-79 CVE-2023-31177: An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the Schw
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the Schweitzer Engineering Laboratories SEL-451 could allow an attacker to craft a link that could execute arbitrary code on a victim's system.
See product Instruction Manual Appendix A dated 20230830 for more details.
nvd