CVE-2023-31175 – This vulnerability in SEL-5037 SEL Grid Configu... (How to Fix)

Q: What is the severity of CVE-2023-31175?

CVE-2023-31175 has a CVSS score of 8.8 (HIGH). This vulnerability in SEL-5037 SEL Grid Configurator allows attackers to execute system commands with highest privileges (root/admin). It affects all systems running SEL-5037 SEL Grid Configurator versions before 4.5.0.20.

📋 TL;DR

This vulnerability in SEL-5037 SEL Grid Configurator allows attackers to execute system commands with highest privileges (root/admin). It affects all systems running SEL-5037 SEL Grid Configurator versions before 4.5.0.20.

💻 Affected Systems

Products:

SEL-5037 SEL Grid Configurator

Versions: All versions before 4.5.0.20

Operating Systems: Windows (based on typical SEL Grid Configurator deployment)

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in the application's privilege management. See Instruction Manual Appendix A and Appendix E dated 20230615 for configuration details.

📦 What is this software?

Sel 5037 Sel Grid Configurator by Selinc

View all CVEs affecting Sel 5037 Sel Grid Configurator →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attacker to install persistent malware, steal credentials, manipulate grid configurations, or disrupt critical infrastructure operations.

🟠

Likely Case

Attacker gains full control of the system to install backdoors, exfiltrate sensitive grid configuration data, or pivot to other network systems.

🟢

If Mitigated

Limited impact if system is isolated, properly segmented, and monitored with strict access controls.

🌐 Internet-Facing: HIGH if exposed to internet, as attackers could remotely exploit to gain full system control.

🏢 Internal Only: HIGH as internal attackers or compromised internal systems could exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation likely requires some level of access to the system running the Grid Configurator. The CWE-250 classification indicates execution with unnecessary privileges.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.5.0.20 or later

Vendor Advisory: https://selinc.com/support/security-notifications/external-reports/

Restart Required: Yes

Instructions:

1. Download SEL-5037 SEL Grid Configurator version 4.5.0.20 or later from SEL website. 2. Backup current configuration. 3. Install the update following SEL's installation guide. 4. Restart the system. 5. Verify the update was successful.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate SEL-5037 systems from untrusted networks and limit access to authorized personnel only.

Least Privilege Access

all

Ensure only necessary users have access to SEL Grid Configurator and run with minimal required privileges.

🧯 If You Can't Patch

Implement strict network segmentation to isolate vulnerable systems from critical infrastructure
Enable detailed logging and monitoring for suspicious command execution or privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check the SEL Grid Configurator version in the application's About or Help menu.

Check Version:

Check application GUI: Help → About SEL Grid Configurator

Verify Fix Applied:

Confirm version is 4.5.0.20 or later in the application's About or Help menu.

📡 Detection & Monitoring

Log Indicators:

Unexpected system command execution
Privilege escalation attempts
Unauthorized process creation with high privileges

Network Indicators:

Unusual outbound connections from SEL-5037 system
Unexpected remote access to the system

SIEM Query:

Process creation where parent process contains 'SEL Grid Configurator' AND privilege level = 'high' OR 'SYSTEM'

📊 Metadata

CVE ID: CVE-2023-31175

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-250

Published: August 31, 2023

Last Updated: November 21, 2024

🔗 References

https://selinc.com/support/security-notifications/external-reports/ Vendor Advisory
https://www.nozominetworks.com/blog/ Third Party Advisory
https://selinc.com/support/security-notifications/external-reports/ Vendor Advisory
https://www.nozominetworks.com/blog/ Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-31175, you might also want to check these: