Lucene search

SELCVELIST:CVE-2024-2103

HistoryApr 04, 2024 - 3:18 p.m.

CVE-2024-2103 Inclusion of Undocumented Features

2024-04-0415:18:01

CWE-1242

SEL

www.cve.org

cve-2024-2103

undocumented features

vulnerability

schweitzer engineering laboratories

relays

privileged access

unpredictable behavior

instruction manuals

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

AI Score

6.5

Confidence

High

EPSS

Percentile

9.0%

JSON

Inclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably:
SEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection Relay, SEL-710-5 Motor Protection Relay, SEL-751 Feeder Protection Relay, SEL-787-2/-3/-4 Transformer Protection Relay, SEL-787Z High-Impedance Differential Relay

. See product instruction manual appendix A dated 20240308 for more details regarding the SEL-751 Feeder Protection Relay. For more information for the other affected products, see their instruction manuals dated 20240329.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SEL-700BT Motor Bus Transfer Relay",
    "vendor": "Schweitzer Engineering Laboratories",
    "versions": [
      {
        "lessThan": "R301-V6",
        "status": "affected",
        "version": "R301-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R302-V1",
        "status": "affected",
        "version": "R302-V0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": " SEL-700G Generator Protection Relay",
    "vendor": "Schweitzer Engineering Laboratories",
    "versions": [
      {
        "lessThan": "R301-V6",
        "status": "affected",
        "version": "R100-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R302-V1",
        "status": "affected",
        "version": "R302-V0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SEL-710-5 Motor Protection Relay",
    "vendor": "SEL-710-5 Motor Protection Relay",
    "versions": [
      {
        "lessThan": "R302-V1",
        "status": "affected",
        "version": "R100-V0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SEL-751 Feeder Protection Relay",
    "vendor": "Schweitzer Engineering Laboratories",
    "versions": [
      {
        "lessThan": "R302-V3",
        "status": "affected",
        "version": "R101-V0",
        "versionType": "custom"
      },
      {
        "lessThan": "R400-V2",
        "status": "affected",
        "version": "R400-V0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SEL-787-2/-3/-4 Transformer Protection Relay",
    "vendor": "Schweitzer Engineering Laboratories",
    "versions": [
      {
        "lessThan": "R302-V1",
        "status": "affected",
        "version": "R100-V0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SEL-787Z High-Impedance Differential Relay",
    "vendor": "Schweitzer Engineering Laboratories",
    "versions": [
      {
        "lessThan": "R302-V3",
        "status": "affected",
        "version": "R302-V0",
        "versionType": "custom"
      }
    ]
  }
]

References

selinc.com/support/security-notifications/external-reports/

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

AI Score

6.5

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-2103