Electric power management solutions developed by Schweitzer Engineering Laboratories (SEL) have nine security issues that have been found.
In a research released last week, Nozomi Networks stated that the “worst of those nine vulnerabilities would allow a threat actor to facilitate remote code execution (RCE) on an engineering workstation.”
The vulnerabilities affect the SEL-5030 acSELeratorQuickSet and SEL-5037 GridConfigurator, which are used to commission, configure, and monitor the devices. They are listed as CVE-2023-34392 and range in severity from 4.8 to 8.8.
Sending a phishing email that convinces a target engineer to import a specially crafted configuration file will allow the attacker to exploit CVE-2023-31171 and execute arbitrary code on the engineering workstation that is running the SEL software read more 9 Alarming Vulnerabilities Uncovered in SEL’s Power Management Products.
Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our comprehensive coverage of the latest threats, breaches, and solutions.