Several SEL electric power management product flaws identified

Schweitzer Engineering Laboratories' electric power management systems were found to be impacted by nine security flaws, the most severe of which could be leveraged to enable remote code execution, The Hacker News reports. The vulnerabilities, tracked as CVE-2023-34392 and from CVE-2023-31168 through CVE-2023-31175, were identified within the devices' SEL-5030 acSELeratorQuickSet and SEL-5037 GridConfigurator systems, according to a Nozomi Networks report. Engineering workstations with vulnerable SEL software could be compromised with arbitrary code execution through phishing emails exploiting CVE-2023-31171. Administrative privileges could also be obtained by exploiting the bug alongside CVE-2023-31175. Moreover, threat actors could leverage CVE-2023-34392 to facilitate arbitrary command delivery to targeted machines. Discovery of such security flaws comes months after Nozomi Networks reported 19 bugs affecting the SEL Real Time Automation Controller suite. Increasing threats against operational technology networks have since led to the Cybersecurity and Infrastructure Security Agency and MITRE partnering to develop an OT attack emulation platform this week.