{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-2103", "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699", "state": "PUBLISHED", "assignerShortName": "SEL", "dateReserved": "2024-03-01T16:25:22.105Z", "datePublished": "2024-04-04T15:18:01.645Z", "dateUpdated": "2024-08-01T19:03:39.137Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SEL-700BT Motor Bus Transfer Relay", "vendor": "Schweitzer Engineering Laboratories", "versions": [{"lessThan": "R301-V6", "status": "affected", "version": "R301-V0", "versionType": "custom"}, {"lessThan": "R302-V1", "status": "affected", "version": "R302-V0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": " SEL-700G Generator Protection Relay", "vendor": "Schweitzer Engineering Laboratories", "versions": [{"lessThan": "R301-V6", "status": "affected", "version": "R100-V0", "versionType": "custom"}, {"lessThan": "R302-V1", "status": "affected", "version": "R302-V0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "SEL-710-5 Motor Protection Relay", "vendor": "SEL-710-5 Motor Protection Relay", "versions": [{"lessThan": "R302-V1", "status": "affected", "version": "R100-V0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "SEL-751 Feeder Protection Relay", "vendor": "Schweitzer Engineering Laboratories", "versions": [{"lessThan": "R302-V3", "status": "affected", "version": "R101-V0", "versionType": "custom"}, {"lessThan": "R400-V2", "status": "affected", "version": "R400-V0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "SEL-787-2/-3/-4 Transformer Protection Relay", "vendor": "Schweitzer Engineering Laboratories", "versions": [{"lessThan": "R302-V1", "status": "affected", "version": "R100-V0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "SEL-787Z High-Impedance Differential Relay", "vendor": "Schweitzer Engineering Laboratories", "versions": [{"lessThan": "R302-V3", "status": "affected", "version": "R302-V0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Anonymous Researcher"}], "datePublic": "2024-04-04T15:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n\n\nInclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably:<br>SEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection Relay, SEL-710-5 Motor Protection Relay, SEL-751 Feeder Protection Relay, SEL-787-2/-3/-4 Transformer Protection Relay, SEL-787Z High-Impedance Differential Relay<br><br>. See product instruction manual appendix A dated 20240308 for more details regarding the SEL-751 Feeder Protection Relay. For more information for the other affected products, see their instruction manuals dated 20240329.<p><span style=\"background-color: rgb(252, 252, 252);\"><br></span></p>"}], "value": "\nInclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably:\nSEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection Relay, SEL-710-5 Motor Protection Relay, SEL-751 Feeder Protection Relay, SEL-787-2/-3/-4 Transformer Protection Relay, SEL-787Z High-Impedance Differential Relay\n\n. See product instruction manual appendix A dated 20240308 for more details regarding the SEL-751 Feeder Protection Relay. For more information for the other affected products, see their instruction manuals dated 20240329.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1242", "description": "CWE-1242: Inclusion of Undocumented Features", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "5804bb70-792c-43e0-8596-486cc0efe699", "shortName": "SEL", "dateUpdated": "2024-04-04T15:57:14.010Z"}, "references": [{"url": "https://selinc.com/support/security-notifications/external-reports/"}], "source": {"discovery": "EXTERNAL"}, "title": "Inclusion of Undocumented Features", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2103", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-04T17:11:57.943227Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:28:59.654Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:03:39.137Z"}, "title": "CVE Program Container", "references": [{"url": "https://selinc.com/support/security-notifications/external-reports/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://selinc.com/support/security-notifications/external-reports/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:03:39.137Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2103", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-04T17:11:57.943227Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:22.135Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Inclusion of Undocumented Features", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Anonymous Researcher"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Schweitzer Engineering Laboratories", "product": "SEL-700BT Motor Bus Transfer Relay", "versions": [{"status": "affected", "version": "R301-V0", "lessThan": "R301-V6", "versionType": "custom"}, {"status": "affected", "version": "R302-V0", "lessThan": "R302-V1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Schweitzer Engineering Laboratories", "product": " SEL-700G Generator Protection Relay", "versions": [{"status": "affected", "version": "R100-V0", "lessThan": "R301-V6", "versionType": "custom"}, {"status": "affected", "version": "R302-V0", "lessThan": "R302-V1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "SEL-710-5 Motor Protection Relay", "product": "SEL-710-5 Motor Protection Relay", "versions": [{"status": "affected", "version": "R100-V0", "lessThan": "R302-V1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Schweitzer Engineering Laboratories", "product": "SEL-751 Feeder Protection Relay", "versions": [{"status": "affected", "version": "R101-V0", "lessThan": "R302-V3", "versionType": "custom"}, {"status": "affected", "version": "R400-V0", "lessThan": "R400-V2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Schweitzer Engineering Laboratories", "product": "SEL-787-2/-3/-4 Transformer Protection Relay", "versions": [{"status": "affected", "version": "R100-V0", "lessThan": "R302-V1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Schweitzer Engineering Laboratories", "product": "SEL-787Z High-Impedance Differential Relay", "versions": [{"status": "affected", "version": "R302-V0", "lessThan": "R302-V3", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2024-04-04T15:00:00.000Z", "references": [{"url": "https://selinc.com/support/security-notifications/external-reports/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nInclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably:\nSEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection Relay, SEL-710-5 Motor Protection Relay, SEL-751 Feeder Protection Relay, SEL-787-2/-3/-4 Transformer Protection Relay, SEL-787Z High-Impedance Differential Relay\n\n. See product instruction manual appendix A dated 20240308 for more details regarding the SEL-751 Feeder Protection Relay. For more information for the other affected products, see their instruction manuals dated 20240329.\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n\n\nInclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably:<br>SEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection Relay, SEL-710-5 Motor Protection Relay, SEL-751 Feeder Protection Relay, SEL-787-2/-3/-4 Transformer Protection Relay, SEL-787Z High-Impedance Differential Relay<br><br>. See product instruction manual appendix A dated 20240308 for more details regarding the SEL-751 Feeder Protection Relay. For more information for the other affected products, see their instruction manuals dated 20240329.<p><span style=\"background-color: rgb(252, 252, 252);\"><br></span></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1242", "description": "CWE-1242: Inclusion of Undocumented Features"}]}], "providerMetadata": {"orgId": "5804bb70-792c-43e0-8596-486cc0efe699", "shortName": "SEL", "dateUpdated": "2024-04-04T15:57:14.010Z"}}}, "cveMetadata": {"cveId": "CVE-2024-2103", "state": "PUBLISHED", "dateUpdated": "2024-08-01T19:03:39.137Z", "dateReserved": "2024-03-01T16:25:22.105Z", "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699", "datePublished": "2024-04-04T15:18:01.645Z", "assignerShortName": "SEL"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "\nInclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably:\nSEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection Relay, SEL-710-5 Motor Protection Relay, SEL-751 Feeder Protection Relay, SEL-787-2/-3/-4 Transformer Protection Relay, SEL-787Z High-Impedance Differential Relay\n\n. See product instruction manual appendix A dated 20240308 for more details regarding the SEL-751 Feeder Protection Relay. For more information for the other affected products, see their instruction manuals dated 20240329.\n\n"}, {"lang": "es", "value": "La inclusi\u00f3n de vulnerabilidades de caracter\u00edsticas no documentadas accesibles al iniciar sesi\u00f3n con un nivel de acceso privilegiado en los siguientes rel\u00e9s de Schweitzer Engineering Laboratories podr\u00eda permitir que el rel\u00e9 se comporte de manera impredecible: Rel\u00e9 de transferencia de bus de motor SEL-700BT, Rel\u00e9 de protecci\u00f3n de generador SEL-700G, Motor SEL-710-5 Rel\u00e9 de protecci\u00f3n, Rel\u00e9 de protecci\u00f3n de alimentador SEL-751, Rel\u00e9 de protecci\u00f3n de transformador SEL-787-2/-3/-4, Rel\u00e9 diferencial de alta impedancia SEL-787Z. Consulte el ap\u00e9ndice A del manual de instrucciones del producto con fecha 20240308 para obtener m\u00e1s detalles sobre el rel\u00e9 de protecci\u00f3n del alimentador SEL-751. Para obtener m\u00e1s informaci\u00f3n sobre los dem\u00e1s productos afectados, consulte sus manuales de instrucciones con fecha 20240329."}], "id": "CVE-2024-2103", "lastModified": "2024-11-21T09:09:02.603", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "security@selinc.com", "type": "Secondary"}]}, "published": "2024-04-04T16:15:08.650", "references": [{"source": "security@selinc.com", "url": "https://selinc.com/support/security-notifications/external-reports/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://selinc.com/support/security-notifications/external-reports/"}], "sourceIdentifier": "security@selinc.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1242"}], "source": "security@selinc.com", "type": "Secondary"}]}

{}