Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    60 vulnerabilities

    CVE-2025-48018 (GCVE-0-2025-48018)

    Vulnerability from cvelistv5 – Published: 2025-05-20 15:14 – Updated: 2025-05-20 15:43
    VLAI
    Title
    Deserialization of Untrusted Data
    Summary
    An authenticated user can modify application state data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    SEL
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-48018",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-20T15:42:16.873274Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-20T15:43:44.337Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "SEL-5030 acSELerator QuickSet Software",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "7.5.2.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An authenticated user can modify application state data."
                }
              ],
              "value": "An authenticated user can modify application state data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-20T15:14:36.200Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/products/software/latest-software-versions/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Deserialization of Untrusted Data",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2025-48018",
        "datePublished": "2025-05-20T15:14:36.200Z",
        "dateReserved": "2025-05-15T00:31:11.898Z",
        "dateUpdated": "2025-05-20T15:43:44.337Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-48017 (GCVE-0-2025-48017)

    Vulnerability from cvelistv5 – Published: 2025-05-20 15:14 – Updated: 2025-05-20 15:54
    VLAI
    Title
    Improper Limitation of a Pathname to a Restricted Directory
    Summary
    Improper limitation of pathname in Circuit Provisioning and File Import applications allows modification and uploading of files
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    SEL
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-48017",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-20T15:54:21.666204Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-20T15:54:26.743Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "SEL-5056 Software-Defined Network Flow Controller",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "2.16.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper limitation of pathname in Circuit Provisioning and File Import applications allows modification and uploading of files"
                }
              ],
              "value": "Improper limitation of pathname in Circuit Provisioning and File Import applications allows modification and uploading of files"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-20T15:14:02.728Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/products/software/latest-software-versions/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Improper Limitation of a Pathname to a Restricted Directory",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2025-48017",
        "datePublished": "2025-05-20T15:14:02.728Z",
        "dateReserved": "2025-05-15T00:31:11.898Z",
        "dateUpdated": "2025-05-20T15:54:26.743Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-48016 (GCVE-0-2025-48016)

    Vulnerability from cvelistv5 – Published: 2025-05-20 15:12 – Updated: 2025-05-20 15:55
    VLAI
    Title
    Improper Control of Interaction Frequency
    Summary
    OpenFlow discovery protocol can exhaust resources because it is not rate limited
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-799 - Improper Control of Interaction Frequency
    Assigner
    SEL
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-48016",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-20T15:54:59.144434Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-20T15:55:05.750Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "SEL-5056 Software-Defined Network Flow Controller",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "2.16.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "SEL Blueframe"
              ],
              "product": "SEL-5056 Software-Defined Network Flow Controller",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "2.16.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "OpenFlow discovery protocol can exhaust resources because it is not rate limited"
                }
              ],
              "value": "OpenFlow discovery protocol can exhaust resources because it is not rate limited"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-799",
                  "description": "CWE-799 Improper Control of Interaction Frequency",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-20T15:12:20.861Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/products/software/latest-software-versions/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Improper Control of Interaction Frequency",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2025-48016",
        "datePublished": "2025-05-20T15:12:20.861Z",
        "dateReserved": "2025-05-15T00:31:11.897Z",
        "dateUpdated": "2025-05-20T15:55:05.750Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-48015 (GCVE-0-2025-48015)

    Vulnerability from cvelistv5 – Published: 2025-05-20 15:11 – Updated: 2025-05-20 15:55
    VLAI
    Title
    Observable Response Discrepancy
    Summary
    Failed login response could be different depending on whether the username was local or central.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-204 - Observable Response Discrepancy
    Assigner
    SEL
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-48015",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-20T15:55:22.553964Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-20T15:55:28.762Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SEL-5056 Software-Defined Network Flow Controller",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "2.16.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Failed login response could be different depending on whether the username was local or central."
                }
              ],
              "value": "Failed login response could be different depending on whether the username was local or central."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-204",
                  "description": "CWE-204 Observable Response Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-20T15:11:53.851Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/products/software/latest-software-versions/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Observable Response Discrepancy",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2025-48015",
        "datePublished": "2025-05-20T15:11:53.851Z",
        "dateReserved": "2025-05-15T00:31:11.897Z",
        "dateUpdated": "2025-05-20T15:55:28.762Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-48014 (GCVE-0-2025-48014)

    Vulnerability from cvelistv5 – Published: 2025-05-20 15:10 – Updated: 2025-05-20 15:55
    VLAI
    Title
    Improper Restriction of Excessive Authentication Attempts
    Summary
    Password guessing limits could be bypassed when using LDAP authentication.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    SEL
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-48014",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-20T15:55:40.900047Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-20T15:55:46.002Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "SEL-5056 Software-Defined Network Flow Controller",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "2.16.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Password guessing limits could be bypassed when using LDAP authentication."
                }
              ],
              "value": "Password guessing limits could be bypassed when using LDAP authentication."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-20T15:10:54.624Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/products/software/latest-software-versions/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Improper Restriction of Excessive Authentication Attempts",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2025-48014",
        "datePublished": "2025-05-20T15:10:54.624Z",
        "dateReserved": "2025-05-15T00:31:11.897Z",
        "dateUpdated": "2025-05-20T15:55:46.002Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-46743 (GCVE-0-2025-46743)

    Vulnerability from cvelistv5 – Published: 2025-05-12 16:14 – Updated: 2025-05-12 17:29
    VLAI
    Title
    Cross-Site Request Forgery
    Summary
    An authenticated user's token could be used by another source after the user had logged out prior to the token expiring.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    SEL
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46743",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-12T17:28:57.170028Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-12T17:29:34.022Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SEL Blueframe OS",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "1.12.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An authenticated user\u0027s token could be used by another source after the user had logged out prior to the token expiring."
                }
              ],
              "value": "An authenticated user\u0027s token could be used by another source after the user had logged out prior to the token expiring."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-12T16:14:05.722Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/products/software/latest-software-versions/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Cross-Site Request Forgery",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2025-46743",
        "datePublished": "2025-05-12T16:14:05.722Z",
        "dateReserved": "2025-04-28T21:27:38.848Z",
        "dateUpdated": "2025-05-12T17:29:34.022Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-46750 (GCVE-0-2025-46750)

    Vulnerability from cvelistv5 – Published: 2025-05-12 16:13 – Updated: 2025-05-12 17:30
    VLAI
    Title
    Authentication Bypass
    Summary
    SEL BIOS packages prior to 1.3.49152.117 or 2.6.49152.98 allow a local attacker to bypass password authentication and change password-protected BIOS settings by importing a BIOS settings file with no password set.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    SEL
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46750",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-12T17:30:19.291613Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-12T17:30:32.158Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SEL-3350-1",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "1.3.49152.117",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SEL-3355-2",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "2.6.49152.98",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SEL-3360-2",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "2.6.49152.98",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SEL BIOS packages prior to 1.3.49152.117 or 2.6.49152.98 allow a local attacker to bypass password authentication and change password-protected  BIOS settings by importing a BIOS settings file with no password set."
                }
              ],
              "value": "SEL BIOS packages prior to 1.3.49152.117 or 2.6.49152.98 allow a local attacker to bypass password authentication and change password-protected  BIOS settings by importing a BIOS settings file with no password set."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-305",
                  "description": "CWE-305",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-12T16:13:03.083Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/products/software/latest-software-versions/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Authentication Bypass",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2025-46750",
        "datePublished": "2025-05-12T16:13:03.083Z",
        "dateReserved": "2025-04-28T21:27:51.944Z",
        "dateUpdated": "2025-05-12T17:30:32.158Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-46749 (GCVE-0-2025-46749)

    Vulnerability from cvelistv5 – Published: 2025-05-12 16:12 – Updated: 2025-05-12 17:38
    VLAI
    Title
    Improper Neutralization of Input
    Summary
    An authenticated user could submit scripting to fields that lack proper input and output sanitization leading to subsequent client-side script execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    SEL
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46749",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-12T17:38:02.720058Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-12T17:38:23.392Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SEL Blueframe OS",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "1.10.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An authenticated user could submit scripting to fields that lack proper input and output sanitization leading to subsequent client-side script execution."
                }
              ],
              "value": "An authenticated user could submit scripting to fields that lack proper input and output sanitization leading to subsequent client-side script execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-12T16:12:25.269Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/products/software/latest-software-versions/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Improper Neutralization of Input",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2025-46749",
        "datePublished": "2025-05-12T16:12:25.269Z",
        "dateReserved": "2025-04-28T21:27:51.944Z",
        "dateUpdated": "2025-05-12T17:38:23.392Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-46748 (GCVE-0-2025-46748)

    Vulnerability from cvelistv5 – Published: 2025-05-12 16:12 – Updated: 2025-05-12 17:39
    VLAI
    Title
    Unverified Password Change
    Summary
    An authenticated user attempting to change their password could do so without using the current password.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    SEL
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46748",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-12T17:39:10.440143Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-12T17:39:24.683Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SEL Blueframe OS",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "1.10.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An authenticated user attempting to change their password could do so without using the current password."
                }
              ],
              "value": "An authenticated user attempting to change their password could do so without using the current password."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-620",
                  "description": "CWE-620",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-12T16:12:07.018Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/products/software/latest-software-versions/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Unverified Password Change",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2025-46748",
        "datePublished": "2025-05-12T16:12:07.018Z",
        "dateReserved": "2025-04-28T21:27:51.944Z",
        "dateUpdated": "2025-05-12T17:39:24.683Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-46747 (GCVE-0-2025-46747)

    Vulnerability from cvelistv5 – Published: 2025-05-12 16:11 – Updated: 2025-05-12 17:48
    VLAI
    Title
    Exposure of Sensitive System Information
    Summary
    An authenticated user without user-management permissions could identify other user accounts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    SEL
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46747",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-12T17:48:00.488017Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-12T17:48:19.190Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SEL Blueframe OS",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "1.12.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An authenticated user without user-management permissions could identify other user accounts."
                }
              ],
              "value": "An authenticated user without user-management permissions could identify other user accounts."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "CWE-497",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-12T16:11:52.359Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/products/software/latest-software-versions/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Exposure of Sensitive System Information",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2025-46747",
        "datePublished": "2025-05-12T16:11:52.359Z",
        "dateReserved": "2025-04-28T21:27:51.944Z",
        "dateUpdated": "2025-05-12T17:48:19.190Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-46746 (GCVE-0-2025-46746)

    Vulnerability from cvelistv5 – Published: 2025-05-12 16:11 – Updated: 2025-05-12 17:50
    VLAI
    Title
    Error Message Contains Sensitive Information
    Summary
    An administrator could discover another account's credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Assigner
    SEL
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46746",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-12T17:49:59.314161Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-12T17:50:17.015Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SEL Blueframe OS",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "1.12.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An administrator could discover another account\u0027s credentials."
                }
              ],
              "value": "An administrator could discover another account\u0027s credentials."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-12T16:11:33.768Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/products/software/latest-software-versions/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Error Message Contains Sensitive Information",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2025-46746",
        "datePublished": "2025-05-12T16:11:33.768Z",
        "dateReserved": "2025-04-28T21:27:38.848Z",
        "dateUpdated": "2025-05-12T17:50:17.015Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-46745 (GCVE-0-2025-46745)

    Vulnerability from cvelistv5 – Published: 2025-05-12 16:11 – Updated: 2025-10-02 00:10
    VLAI
    Title
    Improper Privilege Management
    Summary
    An authenticated user without user-management permissions could view other users account information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    SEL
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46745",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-12T17:51:07.008620Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-12T17:51:41.630Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SEL Blueframe OS",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "1.12.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An authenticated user without user-management permissions could view other users account information."
                }
              ],
              "value": "An authenticated user without user-management permissions could view other users account information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-02T00:10:55.575Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/products/software/latest-software-versions/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Improper Privilege Management",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2025-46745",
        "datePublished": "2025-05-12T16:11:08.840Z",
        "dateReserved": "2025-04-28T21:27:38.848Z",
        "dateUpdated": "2025-10-02T00:10:55.575Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-46744 (GCVE-0-2025-46744)

    Vulnerability from cvelistv5 – Published: 2025-05-12 16:10 – Updated: 2025-10-01 22:24
    VLAI
    Title
    Improper Privilege Management
    Summary
    An authenticated administrator could modify the Created By username for a user account
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    SEL
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46744",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-12T17:52:33.936585Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-12T17:53:00.590Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SEL Blueframe OS",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "1.12.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An authenticated administrator could modify the Created By username for a user account"
                }
              ],
              "value": "An authenticated administrator could modify the Created By username for a user account"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-01T22:24:21.101Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/products/software/latest-software-versions/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Improper Privilege Management",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2025-46744",
        "datePublished": "2025-05-12T16:10:29.888Z",
        "dateReserved": "2025-04-28T21:27:38.848Z",
        "dateUpdated": "2025-10-01T22:24:21.101Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-46742 (GCVE-0-2025-46742)

    Vulnerability from cvelistv5 – Published: 2025-05-12 16:10 – Updated: 2025-10-01 22:23
    VLAI
    Title
    Improper Access Control
    Summary
    Users who were required to change their password could still access system information before changing their password
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-521 - Weak Password Requirements
    Assigner
    SEL
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46742",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-12T17:53:24.641587Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-12T17:53:46.879Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SEL Blueframe OS",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "1.12.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Users who were required to change their password could still access system information before changing their password"
                }
              ],
              "value": "Users who were required to change their password could still access system information before changing their password"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-521",
                  "description": "CWE-521 Weak Password Requirements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-01T22:23:33.103Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/products/software/latest-software-versions/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Improper Access Control",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2025-46742",
        "datePublished": "2025-05-12T16:10:09.527Z",
        "dateReserved": "2025-04-28T21:27:38.848Z",
        "dateUpdated": "2025-10-01T22:23:33.103Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-46741 (GCVE-0-2025-46741)

    Vulnerability from cvelistv5 – Published: 2025-05-12 16:09 – Updated: 2025-10-01 21:46
    VLAI
    Title
    Improper Privilege Management
    Summary
    A suspended or recently logged-out user could continue to interact with Blueframe until the time-out period occurred.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-613 - Insufficient Session Expiration
    Assigner
    SEL
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46741",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-12T17:55:05.959937Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-12T17:55:24.025Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SEL Blueframe OS",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "1.12.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A suspended or recently logged-out user could continue to interact with Blueframe until the time-out period occurred."
                }
              ],
              "value": "A suspended or recently logged-out user could continue to interact with Blueframe until the time-out period occurred."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613 Insufficient Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-01T21:46:34.900Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/products/software/latest-software-versions/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Improper Privilege Management",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2025-46741",
        "datePublished": "2025-05-12T16:09:53.581Z",
        "dateReserved": "2025-04-28T21:27:38.847Z",
        "dateUpdated": "2025-10-01T21:46:34.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-46740 (GCVE-0-2025-46740)

    Vulnerability from cvelistv5 – Published: 2025-05-12 16:09 – Updated: 2025-05-12 17:56
    VLAI
    Title
    Improper Handling of Insufficient Permissions
    Summary
    An authenticated user without user administrative permissions could change the administrator Account Name.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    SEL
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46740",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-12T17:55:59.873558Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-12T17:56:25.876Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SEL Blueframe OS",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "1.12.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An authenticated user without user administrative permissions could  change the administrator Account Name."
                }
              ],
              "value": "An authenticated user without user administrative permissions could  change the administrator Account Name."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-280",
                  "description": "CWE-280",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-12T16:09:22.036Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/products/software/latest-software-versions/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Improper Handling of Insufficient Permissions",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2025-46740",
        "datePublished": "2025-05-12T16:09:22.036Z",
        "dateReserved": "2025-04-28T21:27:38.847Z",
        "dateUpdated": "2025-05-12T17:56:25.876Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-46739 (GCVE-0-2025-46739)

    Vulnerability from cvelistv5 – Published: 2025-05-12 16:08 – Updated: 2025-05-12 17:57
    VLAI
    Title
    Improper Restriction of Excessive Authentication Attempts
    Summary
    An unauthenticated user could discover account credentials via a brute-force attack without rate limiting
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    SEL
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46739",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-12T17:56:48.831649Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-12T17:57:08.901Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SEL Blueframe OS",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "1.12.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated user could discover account credentials via a brute-force attack without rate limiting"
                }
              ],
              "value": "An unauthenticated user could discover account credentials via a brute-force attack without rate limiting"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-12T16:08:38.763Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/products/software/latest-software-versions/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Improper Restriction of Excessive Authentication Attempts",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2025-46739",
        "datePublished": "2025-05-12T16:08:38.763Z",
        "dateReserved": "2025-04-28T21:27:38.847Z",
        "dateUpdated": "2025-05-12T17:57:08.901Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-46738 (GCVE-0-2025-46738)

    Vulnerability from cvelistv5 – Published: 2025-05-12 16:07 – Updated: 2025-05-12 17:57
    VLAI
    Title
    Deserialization of Untrusted Data
    Summary
    An authenticated attacker can maliciously modify layout data files in the SEL-5033 installation directory to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    SEL
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46738",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-12T17:57:37.050485Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-12T17:57:51.802Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SEL-5033 acSELerator RTAC Software",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "1.154.200.3500",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An authenticated attacker can maliciously modify layout data files in the SEL-5033 installation directory to execute arbitrary code."
                }
              ],
              "value": "An authenticated attacker can maliciously modify layout data files in the SEL-5033 installation directory to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-12T16:07:02.820Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/products/software/latest-software-versions/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Deserialization of Untrusted Data",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2025-46738",
        "datePublished": "2025-05-12T16:07:02.820Z",
        "dateReserved": "2025-04-28T21:27:38.847Z",
        "dateUpdated": "2025-05-12T17:57:51.802Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-46737 (GCVE-0-2025-46737)

    Vulnerability from cvelistv5 – Published: 2025-05-12 16:06 – Updated: 2025-05-12 17:58
    VLAI
    Title
    Origin Validation Error
    Summary
    SEL-5037 Grid Configurator contains an overly permissive Cross Origin Resource Sharing (CORS) configuration for a data gateway service in the application. This gateway service includes an API which is not properly configured to reject requests from unexpected sources.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-346 - Origin Validation Error
    Assigner
    SEL
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46737",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-12T17:58:37.751111Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-12T17:58:52.199Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SEL-5037 Grid Configurator",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "6.4.0.58",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SEL-5037 Grid Configurator contains an overly permissive Cross Origin Resource Sharing (CORS) configuration for a data gateway service in the application. This gateway service includes an API which is not properly configured to reject requests from unexpected sources."
                }
              ],
              "value": "SEL-5037 Grid Configurator contains an overly permissive Cross Origin Resource Sharing (CORS) configuration for a data gateway service in the application. This gateway service includes an API which is not properly configured to reject requests from unexpected sources."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-346",
                  "description": "CWE-346 Origin Validation Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-12T16:06:23.559Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/products/software/latest-software-versions/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Origin Validation Error",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2025-46737",
        "datePublished": "2025-05-12T16:06:23.559Z",
        "dateReserved": "2025-04-28T21:27:38.847Z",
        "dateUpdated": "2025-05-12T17:58:52.199Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2103 (GCVE-0-2024-2103)

    Vulnerability from cvelistv5 – Published: 2024-04-04 15:18 – Updated: 2024-08-01 19:03
    VLAI
    Title
    Inclusion of Undocumented Features
    Summary
    Inclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably: SEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection Relay, SEL-710-5 Motor Protection Relay, SEL-751 Feeder Protection Relay, SEL-787-2/-3/-4 Transformer Protection Relay, SEL-787Z High-Impedance Differential Relay . See product instruction manual appendix A dated 20240308 for more details regarding the SEL-751 Feeder Protection Relay. For more information for the other affected products, see their instruction manuals dated 20240329.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1242 - Inclusion of Undocumented Features
    Assigner
    SEL
    Date Public
    2024-04-04 15:00
    Credits
    Anonymous Researcher
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2103",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-04T17:11:57.943227Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:28:59.654Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:03:39.137Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SEL-700BT Motor Bus Transfer Relay",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R301-V6",
                  "status": "affected",
                  "version": "R301-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R302-V1",
                  "status": "affected",
                  "version": "R302-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": " SEL-700G Generator Protection Relay",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R301-V6",
                  "status": "affected",
                  "version": "R100-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R302-V1",
                  "status": "affected",
                  "version": "R302-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SEL-710-5 Motor Protection Relay",
              "vendor": "SEL-710-5 Motor Protection Relay",
              "versions": [
                {
                  "lessThan": "R302-V1",
                  "status": "affected",
                  "version": "R100-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SEL-751 Feeder Protection Relay",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R302-V3",
                  "status": "affected",
                  "version": "R101-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R400-V2",
                  "status": "affected",
                  "version": "R400-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SEL-787-2/-3/-4 Transformer Protection Relay",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R302-V1",
                  "status": "affected",
                  "version": "R100-V0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SEL-787Z High-Impedance Differential Relay",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R302-V3",
                  "status": "affected",
                  "version": "R302-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Anonymous Researcher"
            }
          ],
          "datePublic": "2024-04-04T15:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\n\nInclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably:\u003cbr\u003eSEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection Relay, SEL-710-5 Motor Protection Relay, SEL-751 Feeder Protection Relay, SEL-787-2/-3/-4 Transformer Protection Relay, SEL-787Z High-Impedance Differential Relay\u003cbr\u003e\u003cbr\u003e. See product instruction manual appendix A dated 20240308 for more details regarding the SEL-751 Feeder Protection Relay. For more information for the other affected products, see their instruction manuals dated 20240329.\u003cp\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e"
                }
              ],
              "value": "\nInclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably:\nSEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection Relay, SEL-710-5 Motor Protection Relay, SEL-751 Feeder Protection Relay, SEL-787-2/-3/-4 Transformer Protection Relay, SEL-787Z High-Impedance Differential Relay\n\n. See product instruction manual appendix A dated 20240308 for more details regarding the SEL-751 Feeder Protection Relay. For more information for the other affected products, see their instruction manuals dated 20240329.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1242",
                  "description": "CWE-1242: Inclusion of Undocumented Features",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-04T15:57:14.010Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Inclusion of Undocumented Features",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2024-2103",
        "datePublished": "2024-04-04T15:18:01.645Z",
        "dateReserved": "2024-03-01T16:25:22.105Z",
        "dateUpdated": "2024-08-01T19:03:39.137Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2267 (GCVE-0-2023-2267)

    Vulnerability from cvelistv5 – Published: 2023-11-30 16:58 – Updated: 2024-08-02 06:19
    VLAI
    Title
    Improper input validation could lead to reflection injection attacks
    Summary
    An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more details.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-411L Affected: R118-V0 , < R118-V4 (custom)
    Affected: R119-V0 , < R119-V5 (custom)
    Affected: R120-V0 , < R120-V6 (custom)
    Affected: R121-V0 , < R121-V3 (custom)
    Affected: R122-V0 , < R122-V3 (custom)
    Affected: R123-V0 , < R123-V3 (custom)
    Affected: R124-V0 , < R124-V3 (custom)
    Affected: R125-V0 , < R125-V3 (custom)
    Affected: R126-V0 , < R126-V4 (custom)
    Affected: R127-V0 , < R127-V2 (custom)
    Affected: R128-V0 , < R128-V1 (custom)
    Affected: R129-V0 , < R129-V1 (custom)
    Create a notification for this product.
    Date Public
    2023-11-30 09:56
    Credits
    Sushant Mane, Parul Sindhwad, Imran Jamadar & Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:19:14.317Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SEL-411L",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R118-V4",
                  "status": "affected",
                  "version": "R118-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R119-V5",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R120-V6",
                  "status": "affected",
                  "version": "R120-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R121-V3",
                  "status": "affected",
                  "version": "R121-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R122-V3",
                  "status": "affected",
                  "version": "R122-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R123-V3",
                  "status": "affected",
                  "version": "R123-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R124-V3",
                  "status": "affected",
                  "version": "R124-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R125-V3",
                  "status": "affected",
                  "version": "R125-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R126-V4",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R127-V2",
                  "status": "affected",
                  "version": "R127-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R128-V1",
                  "status": "affected",
                  "version": "R128-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R129-V1",
                  "status": "affected",
                  "version": "R129-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Sushant Mane, Parul Sindhwad, Imran Jamadar \u0026 Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India."
            }
          ],
          "datePublic": "2023-11-30T09:56:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user.\u003cbr\u003e\u003cbr\u003e\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\u003cbr\u003e"
                }
              ],
              "value": "An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-138",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-138 Reflection Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-30T16:58:44.063Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper input validation could lead to reflection injection attacks",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-2267",
        "datePublished": "2023-11-30T16:58:44.063Z",
        "dateReserved": "2023-04-24T23:21:10.937Z",
        "dateUpdated": "2024-08-02T06:19:14.317Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2266 (GCVE-0-2023-2266)

    Vulnerability from cvelistv5 – Published: 2023-11-30 16:57 – Updated: 2024-08-02 06:19
    VLAI
    Title
    Improper neutralization of input during web page generation could lead to cross-site scripting based attacks
    Summary
    An Improper neutralization of input during web page generation in the Schweitzer Engineering Laboratories SEL-411L could allow an attacker to generate cross-site scripting based attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more details.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-411L Affected: R118-V0 , < R118-V4 (custom)
    Affected: R119-V0 , < R119-V5 (custom)
    Affected: R120-V0 , < R120-V6 (custom)
    Affected: R121-V0 , < R121-V3 (custom)
    Affected: R122-V0 , < R122-V3 (custom)
    Affected: R123-V0 , < R123-V3 (custom)
    Affected: R124-V0 , < R124-V3 (custom)
    Affected: R125-V0 , < R125-V3 (custom)
    Affected: R126-V0 , < R126-V4 (custom)
    Affected: R127-V0 , < R127-V2 (custom)
    Affected: R128-V0 , < R128-V1 (custom)
    Affected: R129-V0 , < R129-V1 (custom)
    Create a notification for this product.
    Date Public
    2023-11-30 09:56
    Credits
    Sushant Mane, Parul Sindhwad, Imran Jamadar & Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:19:14.119Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SEL-411L",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R118-V4",
                  "status": "affected",
                  "version": "R118-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R119-V5",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R120-V6",
                  "status": "affected",
                  "version": "R120-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R121-V3",
                  "status": "affected",
                  "version": "R121-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R122-V3",
                  "status": "affected",
                  "version": "R122-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R123-V3",
                  "status": "affected",
                  "version": "R123-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R124-V3",
                  "status": "affected",
                  "version": "R124-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R125-V3",
                  "status": "affected",
                  "version": "R125-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R126-V4",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R127-V2",
                  "status": "affected",
                  "version": "R127-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R128-V1",
                  "status": "affected",
                  "version": "R128-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R129-V1",
                  "status": "affected",
                  "version": "R129-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Sushant Mane, Parul Sindhwad, Imran Jamadar \u0026 Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India."
            }
          ],
          "datePublic": "2023-11-30T09:56:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An\u0026nbsp;Improper neutralization of input during web page generation in the Schweitzer Engineering Laboratories SEL-411L\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow an attacker to generate cross-site scripting based attacks against an authorized and authenticated user.\u003cbr\u003e\u003cbr\u003e\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "An\u00a0Improper neutralization of input during web page generation in the Schweitzer Engineering Laboratories SEL-411L\u00a0could allow an attacker to generate cross-site scripting based attacks against an authorized and authenticated user.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-30T16:58:00.174Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper neutralization of input during web page generation could lead to cross-site scripting based attacks",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-2266",
        "datePublished": "2023-11-30T16:57:34.955Z",
        "dateReserved": "2023-04-24T23:21:09.897Z",
        "dateUpdated": "2024-08-02T06:19:14.119Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2265 (GCVE-0-2023-2265)

    Vulnerability from cvelistv5 – Published: 2023-11-30 16:55 – Updated: 2024-08-02 06:19
    VLAI
    Title
    Improper restriction of rendered UI layers or frames could lead to clickjacking attack
    Summary
    An Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user. See product Instruction Manual Appendix A dated 20230830 for more details.
    CWE
    • CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-411L Affected: R118-V0 , < R118-V4 (custom)
    Affected: R119-V0 , < R119-V5 (custom)
    Affected: R120-V0 , < R120-V6 (custom)
    Affected: R121-V0 , < R121-V3 (custom)
    Affected: R122-V0 , < R122-V3 (custom)
    Affected: R123-V0 , < R123-V3 (custom)
    Affected: R124-V0 , < R124-V3 (custom)
    Affected: R125-V0 , < R125-V3 (custom)
    Affected: R126-V0 , < R126-V4 (custom)
    Affected: R127-V0 , < R127-V2 (custom)
    Affected: R128-V0 , < R128-V1 (custom)
    Affected: R129-V0 , < R129-V1 (custom)
    Create a notification for this product.
    Date Public
    2023-11-30 09:56
    Credits
    Sushant Mane, Parul Sindhwad, Imran Jamadar & Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:19:14.136Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SEL-411L",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R118-V4",
                  "status": "affected",
                  "version": "R118-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R119-V5",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R120-V6",
                  "status": "affected",
                  "version": "R120-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R121-V3",
                  "status": "affected",
                  "version": "R121-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R122-V3",
                  "status": "affected",
                  "version": "R122-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R123-V3",
                  "status": "affected",
                  "version": "R123-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R124-V3",
                  "status": "affected",
                  "version": "R124-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R125-V3",
                  "status": "affected",
                  "version": "R125-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R126-V4",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R127-V2",
                  "status": "affected",
                  "version": "R127-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R128-V1",
                  "status": "affected",
                  "version": "R128-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R129-V1",
                  "status": "affected",
                  "version": "R129-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Sushant Mane, Parul Sindhwad, Imran Jamadar \u0026 Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India."
            }
          ],
          "datePublic": "2023-11-30T09:56:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An\u0026nbsp;Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user.\u003cbr\u003e\u003cbr\u003e\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\u003cbr\u003e"
                }
              ],
              "value": "An\u00a0Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-103",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-103 Clickjacking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1021",
                  "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-30T16:55:55.901Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper restriction of rendered UI layers or frames could lead to clickjacking attack",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-2265",
        "datePublished": "2023-11-30T16:55:55.901Z",
        "dateReserved": "2023-04-24T23:20:54.900Z",
        "dateUpdated": "2024-08-02T06:19:14.136Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2264 (GCVE-0-2023-2264)

    Vulnerability from cvelistv5 – Published: 2023-11-30 16:55 – Updated: 2025-06-03 02:31
    VLAI
    Title
    Improper input validition could lead to code injection
    Summary
    An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior. See product Instruction Manual Appendix A dated 20230830 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-411L Affected: R118-V0 , < R118-V4 (custom)
    Affected: R119-V0 , < R119-V5 (custom)
    Affected: R120-V0 , < R120-V6 (custom)
    Affected: R121-V0 , < R121-V3 (custom)
    Affected: R122-V0 , < R122-V3 (custom)
    Affected: R123-V0 , < R123-V3 (custom)
    Affected: R124-V0 , < R124-V3 (custom)
    Affected: R125-V0 , < R125-V3 (custom)
    Affected: R126-V0 , < R126-V4 (custom)
    Affected: R127-V0 , < R127-V2 (custom)
    Affected: R128-V0 , < R128-V1 (custom)
    Affected: R129-V0 , < R129-V1 (custom)
    Create a notification for this product.
    Date Public
    2023-11-30 09:56
    Credits
    Sushant Mane, Parul Sindhwad, Imran Jamadar & Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:19:14.117Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2264",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-03T02:31:18.344412Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-03T02:31:35.503Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SEL-411L",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R118-V4",
                  "status": "affected",
                  "version": "R118-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R119-V5",
                  "status": "affected",
                  "version": "R119-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R120-V6",
                  "status": "affected",
                  "version": "R120-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R121-V3",
                  "status": "affected",
                  "version": "R121-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R122-V3",
                  "status": "affected",
                  "version": "R122-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R123-V3",
                  "status": "affected",
                  "version": "R123-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R124-V3",
                  "status": "affected",
                  "version": "R124-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R125-V3",
                  "status": "affected",
                  "version": "R125-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R126-V4",
                  "status": "affected",
                  "version": "R126-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R127-V2",
                  "status": "affected",
                  "version": "R127-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R128-V1",
                  "status": "affected",
                  "version": "R128-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R129-V1",
                  "status": "affected",
                  "version": "R129-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Sushant Mane, Parul Sindhwad, Imran Jamadar \u0026 Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India."
            }
          ],
          "datePublic": "2023-11-30T09:56:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior.\u003cbr\u003e\u003cbr\u003e\n\n\u003cp\u003eSee product Instruction Manual Appendix A dated 20230830 for more details.\u003c/p\u003e"
                }
              ],
              "value": "An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-30T16:55:28.541Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper input validition could lead to code injection",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-2264",
        "datePublished": "2023-11-30T16:55:28.541Z",
        "dateReserved": "2023-04-24T23:18:40.218Z",
        "dateUpdated": "2025-06-03T02:31:35.503Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34390 (GCVE-0-2023-34390)

    Vulnerability from cvelistv5 – Published: 2023-11-30 16:54 – Updated: 2024-08-02 16:10
    VLAI
    Title
    Improper input validation could lead to denial of service
    Summary
    An input validation vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to create a denial of service against the system and locking out services. See product Instruction Manual Appendix A dated 20230830 for more details.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-451 Affected: R315-V0 , < R315-V4 (custom)
    Affected: R316-V0 , < R316-V4 (custom)
    Affected: R317-V0 , < R317-V4 (custom)
    Affected: R318-V0 , < R318-V5 (custom)
    Affected: R320-V0 , < R320-V3 (custom)
    Affected: R321-V0 , < R321-V3 (custom)
    Affected: R322-V0 , < R322-V3 (custom)
    Affected: R323-V0 , < R323-V5 (custom)
    Affected: R324-V0 , < R324-V4 (custom)
    Affected: R325-V0 , < R325-V3 (custom)
    Affected: R326-V0 , < R326-V1 (custom)
    Affected: R327-V0 , < R327-V1 (custom)
    Create a notification for this product.
    Date Public
    2023-11-30 09:56
    Credits
    Andrea Palanca and Gabriele Quagliarella of Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:10:06.673Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SEL-451",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R315-V4",
                  "status": "affected",
                  "version": "R315-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R316-V4",
                  "status": "affected",
                  "version": "R316-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R317-V4",
                  "status": "affected",
                  "version": "R317-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R318-V5",
                  "status": "affected",
                  "version": "R318-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R320-V3",
                  "status": "affected",
                  "version": "R320-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R321-V3",
                  "status": "affected",
                  "version": "R321-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R322-V3",
                  "status": "affected",
                  "version": "R322-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R323-V5",
                  "status": "affected",
                  "version": "R323-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R324-V4",
                  "status": "affected",
                  "version": "R324-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R325-V3",
                  "status": "affected",
                  "version": "R325-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R326-V1",
                  "status": "affected",
                  "version": "R326-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R327-V1",
                  "status": "affected",
                  "version": "R327-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks"
            }
          ],
          "datePublic": "2023-11-30T09:56:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An input validation vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to create a denial of service against the system and locking out services.\u003cbr\u003e\u003cbr\u003e\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\u003cbr\u003e"
                }
              ],
              "value": "An input validation vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to create a denial of service against the system and locking out services.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-25",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-25 Forced Deadlock"
                }
              ]
            },
            {
              "capecId": "CAPEC-469",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-469 HTTP DoS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-30T16:54:54.190Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": " Improper input validation could lead to denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-34390",
        "datePublished": "2023-11-30T16:54:54.190Z",
        "dateReserved": "2023-06-02T17:18:29.697Z",
        "dateUpdated": "2024-08-02T16:10:06.673Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34389 (GCVE-0-2023-34389)

    Vulnerability from cvelistv5 – Published: 2023-11-30 16:54 – Updated: 2024-12-02 17:53
    VLAI
    Title
    Allocation of resources without limits could lead to denial of service
    Summary
    An allocation of resources without limits or throttling vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to make the system unavailable for an indefinite amount of time. See product Instruction Manual Appendix A dated 20230830 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-451 Affected: R315-V0 , < R315-V4 (custom)
    Affected: R316-V0 , < R316-V4 (custom)
    Affected: R317-V0 , < R317-V4 (custom)
    Affected: R318-V0 , < R318-V5 (custom)
    Affected: R320-V0 , < R320-V3 (custom)
    Affected: R321-V0 , < R321-V3 (custom)
    Affected: R322-V0 , < R322-V3 (custom)
    Affected: R323-V0 , < R323-V5 (custom)
    Affected: R324-V0 , < R324-V4 (custom)
    Affected: R325-V0 , < R325-V3 (custom)
    Affected: R326-V0 , < R326-V1 (custom)
    Affected: R327-V0 , < R327-V1 (custom)
    Create a notification for this product.
    Date Public
    2023-11-30 09:56
    Credits
    Andrea Palanca and Gabriele Quagliarella of Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:10:06.826Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34389",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-12-05T15:22:53.970614Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-02T17:53:15.070Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SEL-451",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R315-V4",
                  "status": "affected",
                  "version": "R315-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R316-V4",
                  "status": "affected",
                  "version": "R316-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R317-V4",
                  "status": "affected",
                  "version": "R317-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R318-V5",
                  "status": "affected",
                  "version": "R318-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R320-V3",
                  "status": "affected",
                  "version": "R320-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R321-V3",
                  "status": "affected",
                  "version": "R321-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R322-V3",
                  "status": "affected",
                  "version": "R322-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R323-V5",
                  "status": "affected",
                  "version": "R323-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R324-V4",
                  "status": "affected",
                  "version": "R324-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R325-V3",
                  "status": "affected",
                  "version": "R325-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R326-V1",
                  "status": "affected",
                  "version": "R326-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R327-V1",
                  "status": "affected",
                  "version": "R327-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks"
            }
          ],
          "datePublic": "2023-11-30T09:56:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An allocation of resources without limits or throttling vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to make the system unavailable for an indefinite amount of time.\u003cbr\u003e\u003cbr\u003e\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\u003cbr\u003e"
                }
              ],
              "value": "An allocation of resources without limits or throttling vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to make the system unavailable for an indefinite amount of time.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-469",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-469 HTTP DoS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-30T16:54:29.986Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Allocation of resources without limits could lead to denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-34389",
        "datePublished": "2023-11-30T16:54:29.986Z",
        "dateReserved": "2023-06-02T17:18:29.697Z",
        "dateUpdated": "2024-12-02T17:53:15.070Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34388 (GCVE-0-2023-34388)

    Vulnerability from cvelistv5 – Published: 2023-11-30 16:54 – Updated: 2025-06-03 13:46
    VLAI
    Title
    Improper authentication could lead to session hijacking
    Summary
    An Improper Authentication vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote unauthenticated attacker to potentially perform session hijacking attack and bypass authentication. See product Instruction Manual Appendix A dated 20230830 for more details.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-451 Affected: R315-V0 , < R315-V4 (custom)
    Affected: R316-V0 , < R316-V4 (custom)
    Affected: R317-V0 , < R317-V4 (custom)
    Affected: R318-V0 , < R318-V5 (custom)
    Affected: R320-V0 , < R320-V3 (custom)
    Affected: R321-V0 , < R321-V3 (custom)
    Affected: R322-V0 , < R322-V3 (custom)
    Affected: R323-V0 , < R323-V5 (custom)
    Affected: R324-V0 , < R324-V4 (custom)
    Affected: R325-V0 , < R325-V3 (custom)
    Affected: R326-V0 , < R326-V1 (custom)
    Affected: R327-V0 , < R327-V1 (custom)
    Create a notification for this product.
    Date Public
    2023-11-30 09:56
    Credits
    Andrea Palanca and Gabriele Quagliarella of Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:10:07.027Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34388",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-03T13:45:41.836921Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-03T13:46:12.767Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SEL-451",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R315-V4",
                  "status": "affected",
                  "version": "R315-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R316-V4",
                  "status": "affected",
                  "version": "R316-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R317-V4",
                  "status": "affected",
                  "version": "R317-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R318-V5",
                  "status": "affected",
                  "version": "R318-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R320-V3",
                  "status": "affected",
                  "version": "R320-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R321-V3",
                  "status": "affected",
                  "version": "R321-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R322-V3",
                  "status": "affected",
                  "version": "R322-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R323-V5",
                  "status": "affected",
                  "version": "R323-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R324-V4",
                  "status": "affected",
                  "version": "R324-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R325-V3",
                  "status": "affected",
                  "version": "R325-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R326-V1",
                  "status": "affected",
                  "version": "R326-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R327-V1",
                  "status": "affected",
                  "version": "R327-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks"
            }
          ],
          "datePublic": "2023-11-30T09:56:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An\u0026nbsp;Improper Authentication vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote unauthenticated attacker to potentially perform session hijacking attack and bypass authentication.\u003cbr\u003e\u003cbr\u003e\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\u003cbr\u003e"
                }
              ],
              "value": "An\u00a0Improper Authentication vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote unauthenticated attacker to potentially perform session hijacking attack and bypass authentication.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            },
            {
              "capecId": "CAPEC-593",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-593 Session Hijacking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-30T16:54:08.503Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper authentication could lead to session hijacking",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-34388",
        "datePublished": "2023-11-30T16:54:08.503Z",
        "dateReserved": "2023-06-02T17:18:29.696Z",
        "dateUpdated": "2025-06-03T13:46:12.767Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31177 (GCVE-0-2023-31177)

    Vulnerability from cvelistv5 – Published: 2023-11-30 16:53 – Updated: 2024-08-02 14:45
    VLAI
    Title
    Improper neutralizataion of input could lead to execution of arbitrary code
    Summary
    An Improper Neutralization of Input During Web Page Generation  ('Cross-site Scripting') in the Schweitzer Engineering Laboratories SEL-451 could allow an attacker to craft a link that could execute arbitrary code on a victim's system. See product Instruction Manual Appendix A dated 20230830 for more details.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-451 Affected: R315-V0 , < R315-V4 (custom)
    Affected: R316-V0 , < R316-V4 (custom)
    Affected: R317-V0 , < R317-V4 (custom)
    Affected: R318-V0 , < R318-V5 (custom)
    Affected: R320-V0 , < R320-V3 (custom)
    Affected: R321-V0 , < R321-V3 (custom)
    Affected: R322-V0 , < R322-V3 (custom)
    Affected: R323-V0 , < R323-V5 (custom)
    Affected: R324-V0 , < R324-V4 (custom)
    Affected: R325-V0 , < R325-V3 (custom)
    Affected: R326-V0 , < R326-V1 (custom)
    Affected: R327-V0 , < R327-V1 (custom)
    Create a notification for this product.
    Date Public
    2023-11-30 09:56
    Credits
    Andrea Palanca and Gabriele Quagliarella of Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.869Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SEL-451",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R315-V4",
                  "status": "affected",
                  "version": "R315-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R316-V4",
                  "status": "affected",
                  "version": "R316-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R317-V4",
                  "status": "affected",
                  "version": "R317-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R318-V5",
                  "status": "affected",
                  "version": "R318-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R320-V3",
                  "status": "affected",
                  "version": "R320-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R321-V3",
                  "status": "affected",
                  "version": "R321-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R322-V3",
                  "status": "affected",
                  "version": "R322-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R323-V5",
                  "status": "affected",
                  "version": "R323-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R324-V4",
                  "status": "affected",
                  "version": "R324-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R325-V3",
                  "status": "affected",
                  "version": "R325-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R326-V1",
                  "status": "affected",
                  "version": "R326-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R327-V1",
                  "status": "affected",
                  "version": "R327-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks"
            }
          ],
          "datePublic": "2023-11-30T09:56:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Neutralization of Input During Web Page Generation\u0026nbsp; (\u0027Cross-site Scripting\u0027) in the Schweitzer Engineering Laboratories SEL-451 could allow an attacker to craft a link that could execute arbitrary code on a victim\u0027s system.\u003cbr\u003e\u003cbr\u003e\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\u003cbr\u003e"
                }
              ],
              "value": "An Improper Neutralization of Input During Web Page Generation\u00a0 (\u0027Cross-site Scripting\u0027) in the Schweitzer Engineering Laboratories SEL-451 could allow an attacker to craft a link that could execute arbitrary code on a victim\u0027s system.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            },
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-30T16:53:34.046Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper neutralizataion of input could lead to execution of arbitrary code",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31177",
        "datePublished": "2023-11-30T16:53:34.046Z",
        "dateReserved": "2023-04-24T23:20:01.610Z",
        "dateUpdated": "2024-08-02T14:45:25.869Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31176 (GCVE-0-2023-31176)

    Vulnerability from cvelistv5 – Published: 2023-11-30 16:53 – Updated: 2024-10-16 19:21
    VLAI
    Title
    Insufficient entropy vulnerability could lead to authentication bypass
    Summary
    An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow an unauthenticated remote attacker to brute-force session tokens and bypass authentication.  See product Instruction Manual Appendix A dated 20230830 for more details.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    SEL
    Impacted products
    Vendor Product Version
    Schweitzer Engineering Laboratories SEL-451 Affected: R315-V0 , < R315-V4 (custom)
    Affected: R316-V0 , < R316-V4 (custom)
    Affected: R317-V0 , < R317-V4 (custom)
    Affected: R318-V0 , < R318-V5 (custom)
    Affected: R320-V0 , < R320-V3 (custom)
    Affected: R321-V0 , < R321-V3 (custom)
    Affected: R322-V0 , < R322-V3 (custom)
    Affected: R323-V0 , < R323-V5 (custom)
    Affected: R324-V0 , < R324-V4 (custom)
    Affected: R325-V0 , < R325-V3 (custom)
    Affected: R326-V0 , < R326-V1 (custom)
    Affected: R327-V0 , < R327-V1 (custom)
    Create a notification for this product.
    selinc sel-451_firmware Affected: R315-V0 , < R315-V4 (custom)
    Affected: R316-V0 , < R316-V4 (custom)
    Affected: R317-V0 , < R317-V4 (custom)
    Affected: R318-V0 , < R318-V5 (custom)
    Affected: R320-V0 , < R320-V3 (custom)
    Affected: R321-V0 , < R321-V3 (custom)
    Affected: R322-V0 , < R322-V3 (custom)
    Affected: R323-V0 , < R323-V5 (custom)
    Affected: R324-V0 , < R324-V4 (custom)
    Affected: R325-V0 , < R325-V3 (custom)
    Affected: R326-V0 , < R326-V1 (custom)
    Affected: R327-V0 , < R327-V1 (custom)
        cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-11-30 09:56
    Credits
    Andrea Palanca and Gabriele Quagliarella of Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.800Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:selinc:sel-451_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sel-451_firmware",
                "vendor": "selinc",
                "versions": [
                  {
                    "lessThan": "R315-V4",
                    "status": "affected",
                    "version": "R315-V0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "R316-V4",
                    "status": "affected",
                    "version": "R316-V0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "R317-V4",
                    "status": "affected",
                    "version": "R317-V0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "R318-V5",
                    "status": "affected",
                    "version": "R318-V0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "R320-V3",
                    "status": "affected",
                    "version": "R320-V0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "R321-V3",
                    "status": "affected",
                    "version": "R321-V0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "R322-V3",
                    "status": "affected",
                    "version": "R322-V0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "R323-V5",
                    "status": "affected",
                    "version": "R323-V0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "R324-V4",
                    "status": "affected",
                    "version": "R324-V0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "R325-V3",
                    "status": "affected",
                    "version": "R325-V0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "R326-V1",
                    "status": "affected",
                    "version": "R326-V0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "R327-V1",
                    "status": "affected",
                    "version": "R327-V0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31176",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T17:28:37.960490Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-16T19:21:05.142Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SEL-451",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "R315-V4",
                  "status": "affected",
                  "version": "R315-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R316-V4",
                  "status": "affected",
                  "version": "R316-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R317-V4",
                  "status": "affected",
                  "version": "R317-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R318-V5",
                  "status": "affected",
                  "version": "R318-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R320-V3",
                  "status": "affected",
                  "version": "R320-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R321-V3",
                  "status": "affected",
                  "version": "R321-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R322-V3",
                  "status": "affected",
                  "version": "R322-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R323-V5",
                  "status": "affected",
                  "version": "R323-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R324-V4",
                  "status": "affected",
                  "version": "R324-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R325-V3",
                  "status": "affected",
                  "version": "R325-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R326-V1",
                  "status": "affected",
                  "version": "R326-V0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R327-V1",
                  "status": "affected",
                  "version": "R327-V0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks"
            }
          ],
          "datePublic": "2023-11-30T09:56:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow an unauthenticated remote attacker to brute-force session tokens and bypass authentication.\u0026nbsp;\u003cbr\u003e\u003cp\u003e\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\u003c/p\u003e\n\n"
                }
              ],
              "value": "An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow an unauthenticated remote attacker to brute-force session tokens and bypass authentication.\u00a0\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-331",
                  "description": "CWE-331 Insufficient Entropy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-30T16:53:11.383Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insufficient entropy vulnerability could lead to authentication bypass",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-31176",
        "datePublished": "2023-11-30T16:53:11.383Z",
        "dateReserved": "2023-04-24T23:20:01.609Z",
        "dateUpdated": "2024-10-16T19:21:05.142Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34392 (GCVE-0-2023-34392)

    Vulnerability from cvelistv5 – Published: 2023-08-31 15:31 – Updated: 2024-10-01 16:59
    VLAI
    Title
    Missing Authentication for Critical Function
    Summary
    A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    SEL
    Impacted products
    Date Public
    2023-08-31 16:00
    Credits
    Andrea Palanca and Gabriele Quagliarella of Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:10:06.984Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://selinc.com/support/security-notifications/external-reports/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/blog/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34392",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-01T16:59:13.785566Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-01T16:59:22.498Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "SEL-5037 SEL Grid Configurator",
              "vendor": "Schweitzer Engineering Laboratories",
              "versions": [
                {
                  "lessThan": "4.5.0.20",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks"
            }
          ],
          "datePublic": "2023-08-31T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nA Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator.\n\n\u003cbr\u003e\u003cbr\u003e\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\u003cbr\u003e\u003cp\u003eThis issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.\u003c/p\u003e"
                }
              ],
              "value": "\nA Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator.\n\n\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\nThis issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-31T15:31:57.140Z",
            "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
            "shortName": "SEL"
          },
          "references": [
            {
              "url": "https://selinc.com/support/security-notifications/external-reports/"
            },
            {
              "url": "https://www.nozominetworks.com/blog/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Missing Authentication for Critical Function",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "assignerShortName": "SEL",
        "cveId": "CVE-2023-34392",
        "datePublished": "2023-08-31T15:31:57.140Z",
        "dateReserved": "2023-06-02T17:18:29.697Z",
        "dateUpdated": "2024-10-01T16:59:22.498Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }