CVE-2023-34392

8.2 HIGH

📋 TL;DR

This vulnerability allows attackers to execute arbitrary commands on managed devices through the SEL-5037 Grid Configurator without proper authentication. It affects all operators using SEL-5037 Grid Configurator versions before 4.5.0.20. Attackers can leverage this to compromise critical grid infrastructure devices.

💻 Affected Systems

Products:
  • SEL-5037 SEL Grid Configurator
Versions: All versions before 4.5.0.20
Operating Systems: Windows (based on typical SEL Grid Configurator deployment)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all deployments where the configurator manages SEL grid devices. See Instruction Manual Appendix A and Appendix E dated 20230615 for details.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of managed grid devices leading to grid disruption, equipment damage, or safety system manipulation.

🟠 Likely Case: Unauthorized command execution on managed devices allowing configuration changes, data exfiltration, or lateral movement.

🟢 If Mitigated: Limited impact if network segmentation and access controls prevent unauthorized connections to the configurator.

🌐 Internet-Facing: HIGH if configurator is exposed to internet, as unauthenticated command execution is possible.
🏢 Internal Only: HIGH as internal attackers or compromised accounts can exploit this to run arbitrary commands.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Missing authentication allows exploitation without credentials. Attackers need network access to the configurator interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.5.0.20

Vendor Advisory: https://selinc.com/support/security-notifications/external-reports/

Restart Required: Yes

Instructions:

1. Download SEL-5037 Grid Configurator version 4.5.0.20 from the SEL website.
2. Back up the current configuration.
3. Install the update following SEL installation procedures.
4. Restart the system.
5. Verify the version is 4.5.0.20 or later.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate SEL-5037 Grid Configurator to restricted network segments with strict access controls.

Access Control Lists (applies to: all)

Implement firewall rules to restrict connections to the configurator only from authorized management stations.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the configurator from untrusted networks.
  • Deploy additional authentication mechanisms or VPN requirements for accessing the configurator interface.

🔍 How to Verify

Check if Vulnerable:

Check SEL-5037 Grid Configurator version in the application interface or installation directory.

Check Version:

Check Help > About in the Grid Configurator application

Verify Fix Applied:

Confirm version is 4.5.0.20 or later in the application interface.
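The version check above is easy to get wrong in a script: a plain string comparison ranks "4.5.0.9" above "4.5.0.20". The following is an added example (not code from this advisory or from SEL) that parses the version text shown in Help > About and compares it component by component against the fixed version 4.5.0.20. The inventory format and hostnames are constructed for the example.

```python
"""Added example: decide whether a reported SEL-5037 Grid Configurator
version is older than the fixed release 4.5.0.20 (the only version fact
taken from the advisory). Dotted versions are compared as tuples of ints,
never as strings."""
import re

FIXED_VERSION = "4.5.0.20"  # fix version stated in the advisory

_VERSION_RE = re.compile(r"\d+(?:\.\d+)+")


def parse_version(text):
    """Return the first dotted numeric version in `text` as a tuple of ints.

    Works on free text such as 'SEL-5037 Grid Configurator 4.5.0.9';
    '5037' is skipped because it has no dotted component.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(part) for part in m.group(0).split("."))


def _pad(version, length):
    """Right-pad with zeros so '4.5' compares as 4.5.0.0."""
    return version + (0,) * (length - len(version))


def is_vulnerable(version_text, fixed=FIXED_VERSION):
    """True when the reported version is strictly older than the fixed one."""
    found = parse_version(version_text)
    target = parse_version(fixed)
    width = max(len(found), len(target))
    return _pad(found, width) < _pad(target, width)


def triage(inventory):
    """Map host -> 'PATCH' or 'OK' for a dict of host -> About-dialog text."""
    return {
        host: ("PATCH" if is_vulnerable(text) else "OK")
        for host, text in inventory.items()
    }


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and version strings are made up.
    sample = {
        "eng-ws-01": "SEL-5037 Grid Configurator 4.5.0.9",
        "eng-ws-02": "Version 4.5.0.20",
        "eng-ws-03": "4.4.1",
        "eng-ws-04": "4.5.1.2",
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Feed it whatever your endpoint inventory exports for the About dialog text; anything it marks PATCH is below 4.5.0.20 and still exposed.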

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized connection attempts to configurator port
  • Unexpected command execution logs on managed devices
  • Configuration changes from unverified sources

Network Indicators:

  • Unusual traffic patterns to/from configurator port (typically 502/TCP or vendor-specific)
  • Command packets from unauthorized IP addresses

SIEM Query:

source_ip NOT IN (authorized_management_ips) AND dest_port=502 AND protocol=MODBUS
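The SIEM query above, expressed as a small detection that a defender could run over exported connection logs, is added here as an example and is not code from this advisory or from SEL. The key=value log format, the hostnames, IP addresses and the authorized-network list are constructed assumptions; the configurator port is a parameter because the advisory only says it is typically 502/TCP or vendor-specific.

```python
"""Added example: flag connections to the configurator port from sources
outside the authorized management networks, over constructed log lines.
Denied attempts are reported too, since a blocked probe is still an
'unauthorized connection attempt' worth alerting on."""
import ipaddress
import re
from collections import Counter

# Constructed log lines in an assumed key=value format (not an SEL format).
SAMPLE_LOG = """\
ts=2023-07-01T10:00:01Z src=10.20.1.5 dst=10.20.9.10 dport=502 proto=tcp action=allow
ts=2023-07-01T10:00:03Z src=10.20.1.6 dst=10.20.9.10 dport=502 proto=tcp action=allow
ts=2023-07-01T10:01:12Z src=192.168.77.23 dst=10.20.9.10 dport=502 proto=tcp action=allow
ts=2023-07-01T10:01:13Z src=192.168.77.23 dst=10.20.9.10 dport=502 proto=tcp action=allow
ts=2023-07-01T10:01:14Z src=192.168.77.23 dst=10.20.9.10 dport=502 proto=tcp action=allow
ts=2023-07-01T10:02:00Z src=10.20.1.5 dst=10.20.9.10 dport=443 proto=tcp action=allow
ts=2023-07-01T10:02:30Z src=172.16.4.9 dst=10.20.9.10 dport=502 proto=tcp action=deny
garbage line that should be ignored
"""

LINE_RE = re.compile(
    r"ts=(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\S+) action=(?P<action>\S+)"
)


def parse_log(text):
    """Parse key=value lines into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            event = m.groupdict()
            event["dport"] = int(event["dport"])
            events.append(event)
    return events


def find_unauthorized(events, configurator_ip, configurator_port, authorized_nets):
    """Return events reaching the configurator port from outside authorized_nets."""
    nets = [ipaddress.ip_network(n) for n in authorized_nets]
    hits = []
    for e in events:
        if e["dst"] != configurator_ip or e["dport"] != configurator_port:
            continue
        src = ipaddress.ip_address(e["src"])
        if not any(src in net for net in nets):
            hits.append(e)
    return hits


def summarize(hits):
    """Count offending sources so a noisy host surfaces as one alert, not many."""
    return Counter(h["src"] for h in hits)


if __name__ == "__main__":
    # Assumed values: configurator host 10.20.9.10, Modbus-style port 502,
    # and a single authorized management subnet.
    events = parse_log(SAMPLE_LOG)
    hits = find_unauthorized(events, "10.20.9.10", 502, ["10.20.1.0/24"])
    for src, count in summarize(hits).most_common():
        print(f"ALERT unauthorized source {src}: {count} connection(s) to configurator port")
```

Swap in the real configurator address, the port you observe on the wire, and your management subnets; the same logic maps directly onto the SIEM query above.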
