Nine security vulnerabilities have been revealed in electrical power management products manufactured by Schweitzer Engineering Laboratories (SEL).
“The most severe of these nine vulnerabilities would allow a malicious actor to facilitate remote code execution (RCE) on an engineering workstation,” Nozomi Networks said in a report released last week.
The issues, tracked as CVE-2023-34392 and CVE-2023-31168 through CVE-2023-31175, have CVSS severity scores ranging from 4.8 to 8.8 and impact SEL-5030 acSELerator QuickSet and SEL-5037 Grid Configurator, which are used to commission, configure and monitor devices.
Exploitation of CVE-2023-31171 could be accomplished by sending a phishing email that tricks a victim engineer into importing a specially crafted configuration file to achieve arbitrary code execution on the engineering workstation running the SEL software.
In addition, the flaw can be chained with CVE-2023-31175 to obtain administrative privileges on the target computer. CVE-2023-34392, on the other hand, could be used by an adversary to stealthily send arbitrary commands to machines using a watering hole attack.
The latest research adds to a set of 19 security vulnerabilities previously reported in the SEL Real Time Automation Controller (RTAC) suite (from CVE-2023-31148 to CVE-2023-31166) which could be exploited to “obtain unauthorized access to the web interface, modify the displayed information, manipulate its logic, carry out man-in-the-middle (MitM) attacks, or execute arbitrary code.”
In July 2023, the operational technology security company also followed up on last year’s findings, detecting five new vulnerabilities affecting American Megatrends’ (AMI) MegaRAC BMC software solution that could allow an attacker to achieve reset-resistant persistence and hide a backdoor on the web-based BMC management interface.
“This backdoor access could persist even during reinstallations of the host operating system or hard resets of the BMC configuration itself,” Nozomi Networks said.
Since then, 14 other security bugs have been discovered in the Phoenix Contact Web Panel 6121-WXPS, including four critical severity vulnerabilities, which could be exploited by a remote attacker to completely compromise the appliances.
This development comes as the US Cybersecurity and Infrastructure Security Agency (CISA) partnered with MITRE to develop an extension for the Caldera cyberattack emulation platform that is specifically focused on operational technology (OT) networks.