FKIE_CVE-2024-2103

Vulnerability from fkie_nvd - Published: 2024-04-04 16:15 - Updated: 2024-11-21 09:09
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Summary
Inclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably: SEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection Relay, SEL-710-5 Motor Protection Relay, SEL-751 Feeder Protection Relay, SEL-787-2/-3/-4 Transformer Protection Relay, SEL-787Z High-Impedance Differential Relay . See product instruction manual appendix A dated 20240308 for more details regarding the SEL-751 Feeder Protection Relay. For more information for the other affected products, see their instruction manuals dated 20240329.
References
security@selinc.comhttps://selinc.com/support/security-notifications/external-reports/
af854a3a-2127-422b-91ae-364da2661108https://selinc.com/support/security-notifications/external-reports/
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\nInclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably:\nSEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection Relay, SEL-710-5 Motor Protection Relay, SEL-751 Feeder Protection Relay, SEL-787-2/-3/-4 Transformer Protection Relay, SEL-787Z High-Impedance Differential Relay\n\n. See product instruction manual appendix A dated 20240308 for more details regarding the SEL-751 Feeder Protection Relay. For more information for the other affected products, see their instruction manuals dated 20240329.\n\n"
    },
    {
      "lang": "es",
      "value": "La inclusi\u00f3n de vulnerabilidades de caracter\u00edsticas no documentadas accesibles al iniciar sesi\u00f3n con un nivel de acceso privilegiado en los siguientes rel\u00e9s de Schweitzer Engineering Laboratories podr\u00eda permitir que el rel\u00e9 se comporte de manera impredecible: Rel\u00e9 de transferencia de bus de motor SEL-700BT, Rel\u00e9 de protecci\u00f3n de generador SEL-700G, Motor SEL-710-5 Rel\u00e9 de protecci\u00f3n, Rel\u00e9 de protecci\u00f3n de alimentador SEL-751, Rel\u00e9 de protecci\u00f3n de transformador SEL-787-2/-3/-4, Rel\u00e9 diferencial de alta impedancia SEL-787Z. Consulte el ap\u00e9ndice A del manual de instrucciones del producto con fecha 20240308 para obtener m\u00e1s detalles sobre el rel\u00e9 de protecci\u00f3n del alimentador SEL-751. Para obtener m\u00e1s informaci\u00f3n sobre los dem\u00e1s productos afectados, consulte sus manuales de instrucciones con fecha 20240329."
    }
  ],
  "id": "CVE-2024-2103",
  "lastModified": "2024-11-21T09:09:02.603",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.2,
        "source": "security@selinc.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-04-04T16:15:08.650",
  "references": [
    {
      "source": "security@selinc.com",
      "url": "https://selinc.com/support/security-notifications/external-reports/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://selinc.com/support/security-notifications/external-reports/"
    }
  ],
  "sourceIdentifier": "security@selinc.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1242"
        }
      ],
      "source": "security@selinc.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.