CVE-2023-34388

An Improper Authentication vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote unauthenticated attacker to potentially perform session hijacking attack and bypass authentication.

See product Instruction Manual Appendix A dated 20230830 for more details.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name	Vendor	Start Version	End Version
Sel-451_firmware	Selinc	r315-v0 (including)	r315-v4 (excluding)
Sel-451_firmware	Selinc	r316-v0 (including)	r316-v4 (excluding)
Sel-451_firmware	Selinc	r317-v0 (including)	r317-v4 (excluding)
Sel-451_firmware	Selinc	r318-v0 (including)	r318-v5 (excluding)
Sel-451_firmware	Selinc	r320-v0 (including)	r320-v3 (excluding)
Sel-451_firmware	Selinc	r321-v0 (including)	r321-v3 (excluding)
Sel-451_firmware	Selinc	r322-v0 (including)	r322-v3 (excluding)
Sel-451_firmware	Selinc	r323-v0 (including)	r323-v5 (excluding)
Sel-451_firmware	Selinc	r324-v0 (including)	r324-v4 (excluding)
Sel-451_firmware	Selinc	r325-v0 (including)	r325-v3 (excluding)
Sel-451_firmware	Selinc	r326-v0 (including)	r326-v0 (including)
Sel-451_firmware	Selinc	r327-v0 (including)	r327-v0 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-34388
CWE	https://cwe.mitre.org/data/definitions/287.html

Improper Authentication

Weakness

Affected Software

Potential Mitigations

References

CVE-2023-34388

Improper Authentication

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References