CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2025/05/12 4:6 p.m.•52 views

CVE-2025-46737

CVE-2025-46737 relates to Schweitzer Engineering Laboratories SEL-5037 Grid Configurator. Connected PT Security entry specifies vulnerable versions: SEL-5037 Grid Configurator

7.4CVSS6.9AI score0.00147EPSS

Cvelist•added 2025/05/12 4:6 p.m.•25 views

CVE-2025-46737 Origin Validation Error

SEL-5037 Grid Configurator contains an overly permissive Cross Origin Resource Sharing CORS configuration for a data gateway service in the application. This gateway service includes an API which is not properly configured to reject requests from unexpected sources...

7.4CVSS0.00147EPSS

Vulnrichment•added 2025/05/12 4:6 p.m.•8 views

CVE-2025-46737 Origin Validation Error

7.4CVSS6.8AI score0.00147EPSS

CNNVD•added 2025/05/12 12:0 a.m.•2 views

Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator 安全漏洞

Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator is a freely distributed software tool from Schweitzer Engineering Laboratories, Inc. --- Grid Configurator allows engineers and technicians to quickly create, manage, and deploy settings for SEL power system equipment. A security...

7.4CVSS6.7AI score0.00147EPSS

BDU FSTEC•added 2023/09/19 12:0 a.m.•1 views

The vulnerability of the SEL-5037 SEL Grid Configurator software in terms of creating, managing, and deploying energy systems lies in its use of rigidly encrypted credentials. This allows a malicious individual to bypass authentication processes.

The vulnerability of the SEL-5037 SEL Grid Configurator software for creating, managing, and deploying energy systems lies in the use of rigidly encrypted credentials. Exploiting this vulnerability could allow an attacker to bypass authentication processes...

8.4CVSS7.5AI score0.00199EPSS

Exploits0References3Affected Software1

BDU FSTEC•added 2023/09/19 12:0 a.m.•2 views

The vulnerability of the SEL-5037 SEL Grid Configurator software in terms of creating, managing, and deploying energy systems allows a hacker to perform a CSRF attack due to insufficient verification of the authenticity of the executed requests.

The vulnerability of the SEL-5037 SEL Grid Configurator software, which is used for creating, managing, and deploying energy systems, stems from insufficient verification of the authenticity of the requests being made. Exploiting this vulnerability could allow a malicious actor to carry out a CSR...

7.8CVSS6.5AI score0.00204EPSS

Exploits0References3Affected Software1

BDU FSTEC•added 2023/09/08 12:0 a.m.•2 views

The vulnerability of the SEL-5037 SEL Grid Configurator software in terms of creating, managing, and deploying energy systems allows a perpetrator to execute arbitrary code with administrative privileges. This vulnerability is related to errors in privilege management.

The vulnerability of the SEL-5037 SEL Grid Configurator software in terms of creating, managing, and deploying energy systems is related to errors in privilege management. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code with administrative privileges...

10CVSS8.4AI score0.00422EPSS

Exploits0References3Affected Software1

OSV•added 2023/08/31 4:15 p.m.•3 views

CVE-2023-34392

A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated...

8.8CVSS5.9AI score

OSV•added 2023/08/31 4:15 p.m.•4 views

CVE-2023-31173

Use of Hard-coded Credentials vulnerability in Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator on Windows allows Authentication Bypass. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before...

8.4CVSS5.8AI score0.00199EPSS

OSV•added 2023/08/31 4:15 p.m.•3 views

CVE-2023-31174

A Cross-Site Request Forgery CSRF vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more...

6.5CVSS5.8AI score0.00204EPSS

OSV•added 2023/08/31 4:15 p.m.•5 views

CVE-2023-31175

An Execution with Unnecessary Privileges vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run system commands with the highest level privilege on the system. See Instruction Manual Appendix A and Appendix E dated 20230615 for more...

9.8CVSS5.9AI score0.00422EPSS

NVD•added 2023/08/31 4:15 p.m.•7 views

CVE-2023-31173

8.4CVSS8AI score0.00199EPSS

NVD•added 2023/08/31 4:15 p.m.•10 views

CVE-2023-31174

7.4CVSS7.4AI score0.00204EPSS

NVD•added 2023/08/31 4:15 p.m.•6 views

CVE-2023-31175

9.8CVSS9.2AI score0.00422EPSS

Prion•added 2023/08/31 4:15 p.m.•18 views

Hardcoded credentials

4.6CVSS8.4AI score0.00199EPSS

Prion•added 2023/08/31 4:15 p.m.•18 views

Cross site request forgery (csrf)

4.3CVSS6.6AI score0.00204EPSS

Prion•added 2023/08/31 4:15 p.m.•27 views

Design/Logic Flaw

7.5CVSS9.5AI score0.00422EPSS

Prion•added 2023/08/31 4:15 p.m.•22 views

Authentication flaw

6.8CVSS8.8AI score0.00454EPSS

CVE•added 2023/08/31 3:31 p.m.•37 views

CVE-2023-34392

The CVE-2023-34392 entry describes a Missing Authentication for Critical Function flaw in Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator, enabling an attacker to execute arbitrary commands on managed devices via an authorized operator. Affected software is SEL-5037 Grid Config...

8.8CVSS8.7AI score0.00454EPSS