CVE-2024-2103

Inclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably: SEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection Relay, SEL-710-5 Motor Protection Relay, SEL-751 Feeder Protection Relay, SEL-787-2/-3/-4 Transformer Protection Relay, SEL-787Z High-Impedance Differential Relay . See product instruction manual appendix A dated 20240308 for more details regarding the SEL-751 Feeder Protection Relay. For more information for the other affected products, see their instruction manuals dated 20240329.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://selinc.com/support/security-notifications/external-reports/

Configurations

No configuration.

History

No history.

Information

Published : 2024-04-04 16:15

Updated : 2024-04-04 16:33

NVD link : CVE-2024-2103

Mitre link : CVE-2024-2103

CVE.ORG link : CVE-2024-2103

JSON object : View

Products Affected

No product.

CWE

CWE-1242

Inclusion of Undocumented Features or Chicken Bits

{"id": "CVE-2024-2103", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@selinc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 1.2}]}, "published": "2024-04-04T16:15:08.650", "references": [{"url": "https://selinc.com/support/security-notifications/external-reports/", "source": "security@selinc.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@selinc.com", "description": [{"lang": "en", "value": "CWE-1242"}]}], "descriptions": [{"lang": "en", "value": "\nInclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably:\nSEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection Relay, SEL-710-5 Motor Protection Relay, SEL-751 Feeder Protection Relay, SEL-787-2/-3/-4 Transformer Protection Relay, SEL-787Z High-Impedance Differential Relay\n\n. See product instruction manual appendix A dated 20240308 for more details regarding the SEL-751 Feeder Protection Relay. For more information for the other affected products, see their instruction manuals dated 20240329.\n\n"}, {"lang": "es", "value": "La inclusi\u00f3n de vulnerabilidades de caracter\u00edsticas no documentadas accesibles al iniciar sesi\u00f3n con un nivel de acceso privilegiado en los siguientes rel\u00e9s de Schweitzer Engineering Laboratories podr\u00eda permitir que el rel\u00e9 se comporte de manera impredecible: Rel\u00e9 de transferencia de bus de motor SEL-700BT, Rel\u00e9 de protecci\u00f3n de generador SEL-700G, Motor SEL-710-5 Rel\u00e9 de protecci\u00f3n, Rel\u00e9 de protecci\u00f3n de alimentador SEL-751, Rel\u00e9 de protecci\u00f3n de transformador SEL-787-2/-3/-4, Rel\u00e9 diferencial de alta impedancia SEL-787Z. Consulte el ap\u00e9ndice A del manual de instrucciones del producto con fecha 20240308 para obtener m\u00e1s detalles sobre el rel\u00e9 de protecci\u00f3n del alimentador SEL-751. Para obtener m\u00e1s informaci\u00f3n sobre los dem\u00e1s productos afectados, consulte sus manuales de instrucciones con fecha 20240329."}], "lastModified": "2024-04-04T16:33:06.610", "sourceIdentifier": "security@selinc.com"}