2023-09-06

Nine security vulnerabilities have been identified in electric power management products manufactured by Schweitzer Engineering Laboratories (SEL). The flaws were disclosed in a report from Nozomi Networks. The most severe of the nine enables a threat actor to achieve remote code execution on an engineering workstation. The issues, tracked as CVE-2023-34392 and CVE-2023-31168 through CVE-2023-31175, carry CVSS severity scores ranging from 4.8 to 8.8. They affect SEL-5030 acSELerator QuickSet and SEL-5037 GridConfigurator, which are used for commissioning, configuring, and monitoring devices.

One vulnerability, CVE-2023-31171, can be exploited by tricking a victim engineer, via a phishing email, into importing a specially crafted configuration file, resulting in arbitrary code execution on the engineering workstation. This flaw can be chained with CVE-2023-31175 to gain administrative privileges on the target workstation. Another vulnerability, CVE-2023-34392, can be weaponized by an attacker to send arbitrary commands to the machines through a watering hole attack.

Prior to this discovery, 19 security vulnerabilities were already reported in the SEL Real Time Automation Controller (RTAC) suite. These vulnerabilities, ranging from CVE-2023-31148 to CVE-2023-31166, allowed unauthorized access to the web interface, manipulation of displayed information, manipulation of logic, man-in-the-middle (MitM) attacks, and execution of arbitrary code.

In addition to the SEL findings, five new vulnerabilities were found in American Megatrends (AMI) MegaRAC BMC software. These vulnerabilities could enable an attacker to achieve reset-resistant persistence and establish a backdoor on the web-based BMC management interface. Such backdoor access could persist even after the host operating system is reinstalled or the BMC configuration is reset.

Meanwhile, the Phoenix Contact Web Panel 6121-WXPS suffered from 14 security bugs, including four critical-severity flaws. A remote attacker could exploit these vulnerabilities to gain full control over the appliances.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has collaborated with MITRE to develop an extension to the Caldera adversary emulation platform that focuses specifically on operational technology (OT) networks. The extension aims to improve the security of OT networks in light of the increasing number of vulnerabilities being discovered in them.
