CVE-2023-31176

An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow an unauthenticated remote attacker to brute-force session tokens and bypass authentication.


See product Instruction Manual Appendix A dated 20230830 for more details.



ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
SELCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
VendorProductVersion
selincsel-451_firmware
r315-v0 ≤
𝑥
< r315-v4
selincsel-451_firmware
r316-v0 ≤
𝑥
< r316-v4
selincsel-451_firmware
r317-v0 ≤
𝑥
< r317-v4
selincsel-451_firmware
r318-v0 ≤
𝑥
< r318-v5
selincsel-451_firmware
r320-v0 ≤
𝑥
< r320-v3
selincsel-451_firmware
r321-v0 ≤
𝑥
< r321-v3
selincsel-451_firmware
r322-v0 ≤
𝑥
< r322-v3
selincsel-451_firmware
r323-v0 ≤
𝑥
< r323-v5
selincsel-451_firmware
r324-v0 ≤
𝑥
< r324-v4
selincsel-451_firmware
r325-v0 ≤
𝑥
< r325-v3
𝑥
= Vulnerable software versions