CVE-2024-2103
Vulnerability from cvelistv5
Published
2024-04-04 15:18
Modified
2024-08-01 19:03
Summary
Inclusion of Undocumented Features
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2103",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-04T17:11:57.943227Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:28:59.654Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:03:39.137Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://selinc.com/support/security-notifications/external-reports/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SEL-700BT Motor Bus Transfer Relay",
          "vendor": "Schweitzer Engineering Laboratories",
          "versions": [
            {
              "lessThan": "R301-V6",
              "status": "affected",
              "version": "R301-V0",
              "versionType": "custom"
            },
            {
              "lessThan": "R302-V1",
              "status": "affected",
              "version": "R302-V0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": " SEL-700G Generator Protection Relay",
          "vendor": "Schweitzer Engineering Laboratories",
          "versions": [
            {
              "lessThan": "R301-V6",
              "status": "affected",
              "version": "R100-V0",
              "versionType": "custom"
            },
            {
              "lessThan": "R302-V1",
              "status": "affected",
              "version": "R302-V0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SEL-710-5 Motor Protection Relay",
          "vendor": "SEL-710-5 Motor Protection Relay",
          "versions": [
            {
              "lessThan": "R302-V1",
              "status": "affected",
              "version": "R100-V0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SEL-751 Feeder Protection Relay",
          "vendor": "Schweitzer Engineering Laboratories",
          "versions": [
            {
              "lessThan": "R302-V3",
              "status": "affected",
              "version": "R101-V0",
              "versionType": "custom"
            },
            {
              "lessThan": "R400-V2",
              "status": "affected",
              "version": "R400-V0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SEL-787-2/-3/-4 Transformer Protection Relay",
          "vendor": "Schweitzer Engineering Laboratories",
          "versions": [
            {
              "lessThan": "R302-V1",
              "status": "affected",
              "version": "R100-V0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SEL-787Z High-Impedance Differential Relay",
          "vendor": "Schweitzer Engineering Laboratories",
          "versions": [
            {
              "lessThan": "R302-V3",
              "status": "affected",
              "version": "R302-V0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Anonymous Researcher"
        }
      ],
      "datePublic": "2024-04-04T15:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\n\nInclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably:\u003cbr\u003eSEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection Relay, SEL-710-5 Motor Protection Relay, SEL-751 Feeder Protection Relay, SEL-787-2/-3/-4 Transformer Protection Relay, SEL-787Z High-Impedance Differential Relay\u003cbr\u003e\u003cbr\u003e. See product instruction manual appendix A dated 20240308 for more details regarding the SEL-751 Feeder Protection Relay. For more information for the other affected products, see their instruction manuals dated 20240329.\u003cp\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e"
            }
          ],
          "value": "\nInclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably:\nSEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection Relay, SEL-710-5 Motor Protection Relay, SEL-751 Feeder Protection Relay, SEL-787-2/-3/-4 Transformer Protection Relay, SEL-787Z High-Impedance Differential Relay\n\n. See product instruction manual appendix A dated 20240308 for more details regarding the SEL-751 Feeder Protection Relay. For more information for the other affected products, see their instruction manuals dated 20240329.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1242",
              "description": "CWE-1242: Inclusion of Undocumented Features",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-04T15:57:14.010Z",
        "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "shortName": "SEL"
      },
      "references": [
        {
          "url": "https://selinc.com/support/security-notifications/external-reports/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Inclusion of Undocumented Features",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
    "assignerShortName": "SEL",
    "cveId": "CVE-2024-2103",
    "datePublished": "2024-04-04T15:18:01.645Z",
    "dateReserved": "2024-03-01T16:25:22.105Z",
    "dateUpdated": "2024-08-01T19:03:39.137Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-2103\",\"sourceIdentifier\":\"security@selinc.com\",\"published\":\"2024-04-04T16:15:08.650\",\"lastModified\":\"2024-04-04T16:33:06.610\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"\\nInclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably:\\nSEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection Relay, SEL-710-5 Motor Protection Relay, SEL-751 Feeder Protection Relay, SEL-787-2/-3/-4 Transformer Protection Relay, SEL-787Z High-Impedance Differential Relay\\n\\n. See product instruction manual appendix A dated 20240308 for more details regarding the SEL-751 Feeder Protection Relay. For more information for the other affected products, see their instruction manuals dated 20240329.\\n\\n\"},{\"lang\":\"es\",\"value\":\"La inclusi\u00f3n de vulnerabilidades de caracter\u00edsticas no documentadas accesibles al iniciar sesi\u00f3n con un nivel de acceso privilegiado en los siguientes rel\u00e9s de Schweitzer Engineering Laboratories podr\u00eda permitir que el rel\u00e9 se comporte de manera impredecible: Rel\u00e9 de transferencia de bus de motor SEL-700BT, Rel\u00e9 de protecci\u00f3n de generador SEL-700G, Motor SEL-710-5 Rel\u00e9 de protecci\u00f3n, Rel\u00e9 de protecci\u00f3n de alimentador SEL-751, Rel\u00e9 de protecci\u00f3n de transformador SEL-787-2/-3/-4, Rel\u00e9 diferencial de alta impedancia SEL-787Z. Consulte el ap\u00e9ndice A del manual de instrucciones del producto con fecha 20240308 para obtener m\u00e1s detalles sobre el rel\u00e9 de protecci\u00f3n del alimentador SEL-751. Para obtener m\u00e1s informaci\u00f3n sobre los dem\u00e1s productos afectados, consulte sus manuales de instrucciones con fecha 20240329.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@selinc.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.2,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"security@selinc.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1242\"}]}],\"references\":[{\"url\":\"https://selinc.com/support/security-notifications/external-reports/\",\"source\":\"security@selinc.com\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.