CVE-2023-31176

An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow an unauthenticated remote attacker to brute-force session tokens and bypass authentication. 


See product Instruction Manual Appendix A dated 20230830 for more details.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
selincsel-451_firmware
r315-v0 ≤
𝑥
< r315-v4
selincsel-451_firmware
r316-v0 ≤
𝑥
< r316-v4
selincsel-451_firmware
r317-v0 ≤
𝑥
< r317-v4
selincsel-451_firmware
r318-v0 ≤
𝑥
< r318-v5
selincsel-451_firmware
r320-v0 ≤
𝑥
< r320-v3
selincsel-451_firmware
r321-v0 ≤
𝑥
< r321-v3
selincsel-451_firmware
r322-v0 ≤
𝑥
< r322-v3
selincsel-451_firmware
r323-v0 ≤
𝑥
< r323-v5
selincsel-451_firmware
r324-v0 ≤
𝑥
< r324-v4
selincsel-451_firmware
r325-v0 ≤
𝑥
< r325-v3
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
selincsel-451_firmware
R315-V0 ≤
𝑥
< R315-V4
ADP
selincsel-451_firmware
R316-V0 ≤
𝑥
< R316-V4
ADP
selincsel-451_firmware
R317-V0 ≤
𝑥
< R317-V4
ADP
selincsel-451_firmware
R318-V0 ≤
𝑥
< R318-V5
ADP
selincsel-451_firmware
R320-V0 ≤
𝑥
< R320-V3
ADP
selincsel-451_firmware
R321-V0 ≤
𝑥
< R321-V3
ADP
selincsel-451_firmware
R322-V0 ≤
𝑥
< R322-V3
ADP
selincsel-451_firmware
R323-V0 ≤
𝑥
< R323-V5
ADP
selincsel-451_firmware
R324-V0 ≤
𝑥
< R324-V4
ADP
selincsel-451_firmware
R325-V0 ≤
𝑥
< R325-V3
ADP
selincsel-451_firmware
R326-V0 ≤
𝑥
< R326-V1
ADP
selincsel-451_firmware
R327-V0 ≤
𝑥
< R327-V1
ADP
Common Weakness Enumeration
References
https://selinc.com/support/security-notifications/external-reports/
https://www.nozominetworks.com/blog/
https://selinc.com/support/security-notifications/external-reports/
https://www.nozominetworks.com/blog/