Описание
A Cross-Site Request Forgery (CSRF) vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to embed instructions that could be executed by an authorized device operator.
See Instruction Manual Appendix A and Appendix E dated 20230615 for more details.
This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.
Ссылки
- Vendor Advisory
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
Уязвимые конфигурации
EPSS
7.4 High
CVSS3
6.5 Medium
CVSS3
Дефекты
Связанные уязвимости
A Cross-Site Request Forgery (CSRF) vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.
Уязвимость программного конфигуратора для создания, управления и развертывания энергосистем SEL-5037 SEL Grid Configurator, связанная с недостаточной проверкой подлинности выполняемых запросов, позволяющая нарушителю осуществить CSRF-атаку
EPSS
7.4 High
CVSS3
6.5 Medium
CVSS3