15 matches found
EUVD-2023-38472
Malicious code in bioql PyPI...
The vulnerability of the SEL-5037 SEL Grid Configurator software in terms of creating, managing, and deploying energy systems allows a hacker to perform a CSRF attack due to insufficient verification of the authenticity of the executed requests.
The vulnerability of the SEL-5037 SEL Grid Configurator software, which is used for creating, managing, and deploying energy systems, stems from insufficient verification of the authenticity of the requests being made. Exploiting this vulnerability could allow a malicious actor to carry out a CSR...
CVE-2023-31174
A Cross-Site Request Forgery CSRF vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more...
CVE-2023-31173
Use of Hard-coded Credentials vulnerability in Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator on Windows allows Authentication Bypass. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before...
CVE-2023-31175
An Execution with Unnecessary Privileges vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run system commands with the highest level privilege on the system. See Instruction Manual Appendix A and Appendix E dated 20230615 for more...
Authentication flaw
A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated...
Cross site request forgery (csrf)
A Cross-Site Request Forgery CSRF vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more...
Design/Logic Flaw
An Execution with Unnecessary Privileges vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run system commands with the highest level privilege on the system. See Instruction Manual Appendix A and Appendix E dated 20230615 for more...
Hardcoded credentials
Use of Hard-coded Credentials vulnerability in Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator on Windows allows Authentication Bypass. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before...
CVE-2023-34392
The CVE-2023-34392 entry describes a Missing Authentication for Critical Function flaw in Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator, enabling an attacker to execute arbitrary commands on managed devices via an authorized operator. Affected software is SEL-5037 Grid Config...
CVE-2023-31175
The CVE-2023-31175 issue affects SEL-5037 SEL Grid Configurator (pre-4.5.0.20). It is a privilege-related execution flaw that could allow an attacker to run arbitrary commands with the highest privileges on the host. Affected component is SEL Grid Configurator; root cause is improper privilege ha...
CVE-2023-31174
The CVE-2023-31174 entry describes a Cross-Site Request Forgery (CSRF) in Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator. Affected product/version: SEL-5037 Grid Configurator prior to 4.5.0.20. Underlying issue: CSRF could enable an attacker to embed instructions that are exec...
CVE-2023-31174 Cross-Site Request Forgery (CSRF)
A Cross-Site Request Forgery CSRF vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more...
CVE-2023-31173
CVE-2023-31173 affects Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator for Windows, with the root cause identified as hard-coded credentials that enable authentication bypass. The issue applies to versions before 4.5.0.20. According to the connected sources, the vulnerability i...
PT-2023-4876 · Schweitzer Engineering Laboratories · Sel-5037 Sel Grid Configurator
Name of the Vulnerable Software and Affected Versions: Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator versions prior to 4.5.0.20 Description: The issue is related to an Execution with Unnecessary Privileges vulnerability in the SEL-5037 SEL Grid Configurator, which could allow...