Lucene search

SELVULNRICHMENT:CVE-2024-2103

HistoryApr 04, 2024 - 3:18 p.m.

CVE-2024-2103 Inclusion of Undocumented Features

2024-04-0415:18:01

CWE-1242

SEL

github.com

cve-2024-2103

undocumented features vulnerability

schweitzer engineering laboratories

relay

privileged access level

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

AI Score

6.5

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Inclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably:
SEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection Relay, SEL-710-5 Motor Protection Relay, SEL-751 Feeder Protection Relay, SEL-787-2/-3/-4 Transformer Protection Relay, SEL-787Z High-Impedance Differential Relay

. See product instruction manual appendix A dated 20240308 for more details regarding the SEL-751 Feeder Protection Relay. For more information for the other affected products, see their instruction manuals dated 20240329.

References

selinc.com/support/security-notifications/external-reports/

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

AI Score

6.5

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-2103