Selinc: >> Sel-451 Firmware >> r324-v0 Security Vulnerabilities
An Improper Authentication vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote unauthenticated attacker to potentially perform session hijacking attack and bypass authentication.
See product Instruction Manual Appendix A dated 20230830 for more details.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-11-30
An allocation of resources without limits or throttling vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to make the system unavailable for an indefinite amount of time.
See product Instruction Manual Appendix A dated 20230830 for more details.
CVSS Score
4.5
EPSS Score
0.003
Published
2023-11-30
An input validation vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to create a denial of service against the system and locking out services.
See product Instruction Manual Appendix A dated 20230830 for more details.
CVSS Score
4.5
EPSS Score
0.003
Published
2023-11-30
An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow an unauthenticated remote attacker to brute-force session tokens and bypass authentication.
See product Instruction Manual Appendix A dated 20230830 for more details.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-11-30
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the Schweitzer Engineering Laboratories SEL-451 could allow an attacker to craft a link that could execute arbitrary code on a victim's system.
See product Instruction Manual Appendix A dated 20230830 for more details.
CVSS Score
4.3
EPSS Score
0.002
Published
2023-11-30