CVE-2023-31176

Summary

An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow an unauthenticated remote attacker to brute-force session tokens and bypass authentication. 

See product Instruction Manual Appendix A dated 20230830 for more details.

Affected Software

VendorProductVersion RangeStatus
Schweitzer Engineering LaboratoriesSEL-451R315-V0 < R315-V4affected
Schweitzer Engineering LaboratoriesSEL-451R316-V0 < R316-V4affected
Schweitzer Engineering LaboratoriesSEL-451R317-V0 < R317-V4affected
Schweitzer Engineering LaboratoriesSEL-451R318-V0 < R318-V5affected
Schweitzer Engineering LaboratoriesSEL-451R320-V0 < R320-V3affected
Schweitzer Engineering LaboratoriesSEL-451R321-V0 < R321-V3affected
Schweitzer Engineering LaboratoriesSEL-451R322-V0 < R322-V3affected
Schweitzer Engineering LaboratoriesSEL-451R323-V0 < R323-V5affected
Schweitzer Engineering LaboratoriesSEL-451R324-V0 < R324-V4affected
Schweitzer Engineering LaboratoriesSEL-451R325-V0 < R325-V3affected
Schweitzer Engineering LaboratoriesSEL-451R326-V0 < R326-V1affected
Schweitzer Engineering LaboratoriesSEL-451R327-V0 < R327-V1affected

Weaknesses

  • CWE-331: CWE-331 Insufficient Entropy

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References