CVE-2023-31176

EUVD-2023-35492
An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow an unauthenticated remote attacker to brute-force session tokens and bypass authentication. 


See product Instruction Manual Appendix A dated 20230830 for more details.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
SELCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
Affected Products (NVD)
VendorProductVersion
selincsel-451_firmware
r315-v0 ≤
𝑥
< r315-v4
selincsel-451_firmware
r316-v0 ≤
𝑥
< r316-v4
selincsel-451_firmware
r317-v0 ≤
𝑥
< r317-v4
selincsel-451_firmware
r318-v0 ≤
𝑥
< r318-v5
selincsel-451_firmware
r320-v0 ≤
𝑥
< r320-v3
selincsel-451_firmware
r321-v0 ≤
𝑥
< r321-v3
selincsel-451_firmware
r322-v0 ≤
𝑥
< r322-v3
selincsel-451_firmware
r323-v0 ≤
𝑥
< r323-v5
selincsel-451_firmware
r324-v0 ≤
𝑥
< r324-v4
selincsel-451_firmware
r325-v0 ≤
𝑥
< r325-v3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://selinc.com/support/security-notifications/external-reports/
https://www.nozominetworks.com/blog/
https://selinc.com/support/security-notifications/external-reports/
https://www.nozominetworks.com/blog/