CVE-2023-31173 – This CVE describes a hard-coded credentials vul... (How to Fix)

Q: What is the severity of CVE-2023-31173?

CVE-2023-31173 has a CVSS score of 7.7 (HIGH). This CVE describes a hard-coded credentials vulnerability in Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator software on Windows. Attackers can use these embedded credentials to bypass authentication and gain unauthorized access to the system. This affects all Windows installations of SEL Grid Configurator before version 4.5.0.20.

📋 TL;DR

This CVE describes a hard-coded credentials vulnerability in Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator software on Windows. Attackers can use these embedded credentials to bypass authentication and gain unauthorized access to the system. This affects all Windows installations of SEL Grid Configurator before version 4.5.0.20.

💻 Affected Systems

Products:

SEL-5037 SEL Grid Configurator

Versions: All versions before 4.5.0.20

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects Windows installations. See Instruction Manual Appendix A and Appendix E dated 20230615 for configuration details.

📦 What is this software?

Sel 5037 Sel Grid Configurator by Selinc

View all CVEs affecting Sel 5037 Sel Grid Configurator →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the SEL Grid Configurator system allowing attackers to modify grid configurations, disrupt power grid operations, or use the system as a foothold into operational technology networks.

🟠

Likely Case

Unauthorized access to the configuration software allowing viewing or modification of grid settings, potentially leading to operational disruptions or data theft.

🟢

If Mitigated

Limited impact if system is isolated from networks and access is physically controlled, though the vulnerability still exists locally.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Hard-coded credentials typically require minimal technical skill to exploit once discovered.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.5.0.20

Vendor Advisory: https://selinc.com/support/security-notifications/external-reports/

Restart Required: Yes

Instructions:

1. Download SEL Grid Configurator version 4.5.0.20 or later from SEL website. 2. Backup current configuration. 3. Install the update following vendor instructions. 4. Restart the system. 5. Verify the update was successful.

🔧 Temporary Workarounds

Network Isolation

all

Isolate the SEL Grid Configurator system from all networks including corporate and operational networks

Access Control Hardening

all

Implement strict physical and logical access controls to the system hosting the vulnerable software

🧯 If You Can't Patch

Implement network segmentation to isolate the vulnerable system from other critical infrastructure
Deploy additional authentication layers and monitor all access attempts to the system

🔍 How to Verify

Check if Vulnerable:

Check the software version in SEL Grid Configurator About dialog or Windows Programs and Features. If version is below 4.5.0.20, the system is vulnerable.

Check Version:

Check via Windows Control Panel > Programs and Features or within SEL Grid Configurator application menu > Help > About

Verify Fix Applied:

Verify the software version shows 4.5.0.20 or higher in the About dialog. Test authentication to confirm hard-coded credentials no longer work.

📡 Detection & Monitoring

Log Indicators:

Failed authentication attempts followed by successful login with unusual timing
Multiple login attempts from unexpected sources
Configuration changes without proper authorization records

Network Indicators:

Unexpected network connections to/from the SEL Grid Configurator system
Traffic patterns indicating unauthorized access

SIEM Query:

source="sel-grid-configurator.log" AND (event_type="authentication" AND result="success") | stats count by user, src_ip

📊 Metadata

CVE ID: CVE-2023-31173

CVSS v3 Score: 7.7 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE: CWE-798

Published: August 31, 2023

Last Updated: November 21, 2024

🔗 References

https://selinc.com/support/security-notifications/external-reports/ Vendor Advisory
https://www.nozominetworks.com/blog/ Not Applicable
https://selinc.com/support/security-notifications/external-reports/ Vendor Advisory
https://www.nozominetworks.com/blog/ Not Applicable

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-31173, you might also want to check these: