Schweitzer Engineering Laboratories (SEL), a US-based firm offering a broad spectrum of products and services for the electric power industry, has recently patched nine vulnerabilities in a pair of its electric power management products. This comes on top of 19 other flaws that were rectified earlier in the year.
The vulnerabilities were discovered in the company’s SEL-5030 acSELerator QuickSet and SEL-5037 Grid Configurator by researchers at the industrial cybersecurity company Nozomi Networks. Engineers and technicians use these software products to manage and configure devices for power system protection, control, metering, and monitoring, and to create and deploy settings for SEL power system devices.
The researchers identified a total of nine vulnerabilities, four of which have been given a 'high severity' rating, while the remaining five are considered 'medium severity'. The most critical of these, according to Nozomi, is CVE-2023-31171. This flaw lets an attacker execute arbitrary code on the engineering workstation running the SEL software by tricking the targeted user into importing a device configuration from a specially crafted file. It can be combined with CVE-2023-31175, which enables an attacker to escalate privileges.
These vulnerabilities could be exploited by a malicious insider or an external threat actor (via social engineering) to steal sensitive data, monitor or manipulate the device’s logic, and move laterally within the victim’s network. Another significant issue allows an attacker to execute arbitrary commands and alter a device’s configuration, either by fooling the targeted user into clicking on a link or by setting up a watering hole that the victim is likely to visit.
Nozomi also warned that, “The native functionality to clear the terminal history could allow an attacker to cover up and erase their activities, making it more difficult for a target victim to spot any suspicious activity that may have happened in the background on their systems.” SEL has been alerted to these vulnerabilities and has issued software updates to patch them.
Nozomi has previously identified vulnerabilities in SEL products. In May, the company reported finding 19 security holes in SEL computing platforms running the vendor’s Realtime Automation Controller (RTAC) suite. Nozomi stated at the time that, “Worst case scenario, by chaining some of these vulnerabilities and performing a multi-step attack, an unauthenticated remote attacker could alter the core functionality of the device, allowing them to tamper with the information shown to operators or the configuration of the device itself. Additionally, access to all other systems protected by the same credentials could be acquired, allowing them to easily move laterally in the power infrastructure.”