Schweitzer Engineering Laboratories, Inc.
Products
26- 21 CVEs
- 20 CVEs
- 19 CVEs
- 18 CVEs
- 14 CVEs
- 6 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 4 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 0 CVEs
- 0 CVEs
Recent CVEs
51| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-10600 | Cri | 0.64 | 9.8 | 0.02 | Jul 24, 2018 | SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution (in certain situations on specific platforms), and denial of service attacks. | ||
| CVE-2018-10604 | Hig | 0.57 | 8.8 | 0.02 | Jul 24, 2018 | SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution. | ||
| CVE-2018-10608 | Hig | 0.52 | 7.5 | 0.08 | Jul 24, 2018 | SEL AcSELerator Architect version 2.2.24.0 and prior can be exploited when the AcSELerator Architect FTP client connects to a malicious FTP server, which may cause denial of service via 100% CPU utilization. Restart of the application is required. | ||
| CVE-2025-46737 | Hig | 0.48 | 7.4 | 0.00 | May 12, 2025 | SEL-5037 Grid Configurator contains an overly permissive Cross Origin Resource Sharing (CORS) configuration for a data gateway service in the application. This gateway service includes an API which is not properly configured to reject requests from unexpected sources. | ||
| CVE-2025-46738 | Med | 0.43 | 6.6 | 0.00 | May 12, 2025 | An authenticated attacker can maliciously modify layout data files in the SEL-5033 installation directory to execute arbitrary code. | ||
| CVE-2024-2103 | Med | 0.42 | 6.5 | 0.00 | Apr 4, 2024 | Inclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably: SEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection… | ||
| CVE-2025-46741 | Med | 0.37 | 5.7 | 0.00 | May 12, 2025 | A suspended or recently logged-out user could continue to interact with Blueframe until the time-out period occurred. | ||
| CVE-2025-46750 | Med | 0.29 | 4.4 | 0.00 | May 12, 2025 | SEL BIOS packages prior to 1.3.49152.117 or 2.6.49152.98 allow a local attacker to bypass password authentication and change password-protected BIOS settings by importing a BIOS settings file with no password set. | ||
| CVE-2023-2267 | 0.00 | — | 0.00 | Nov 30, 2023 | An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more details. | |||
| CVE-2023-2266 | 0.00 | — | 0.00 | Nov 30, 2023 | An Improper neutralization of input during web page generation in the Schweitzer Engineering Laboratories SEL-411L could allow an attacker to generate cross-site scripting based attacks against an authorized and authenticated user. See product Instruction Manual Appendix A… | |||
| CVE-2023-2265 | 0.00 | — | 0.00 | Nov 30, 2023 | An Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user. See product Instruction Manual Appendix A… | |||
| CVE-2023-2264 | 0.00 | — | 0.00 | Nov 30, 2023 | An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior. See product Instruction Manual Appendix A dated 20230830 for… | |||
| CVE-2023-34390 | 0.00 | — | 0.01 | Nov 30, 2023 | An input validation vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to create a denial of service against the system and locking out services. See product Instruction Manual Appendix A dated 20230830 for more… | |||
| CVE-2023-34389 | 0.00 | — | 0.01 | Nov 30, 2023 | An allocation of resources without limits or throttling vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to make the system unavailable for an indefinite amount of time. See product Instruction Manual Appendix A… | |||
| CVE-2023-34388 | 0.00 | — | 0.01 | Nov 30, 2023 | An Improper Authentication vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote unauthenticated attacker to potentially perform session hijacking attack and bypass authentication. See product Instruction Manual Appendix A dated 20230830 for… | |||
| CVE-2023-31177 | 0.00 | — | 0.00 | Nov 30, 2023 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the Schweitzer Engineering Laboratories SEL-451 could allow an attacker to craft a link that could execute arbitrary code on a victim's system. See product Instruction Manual Appendix… | |||
| CVE-2023-31176 | 0.00 | — | 0.01 | Nov 30, 2023 | An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow an unauthenticated remote attacker to brute-force session tokens and bypass authentication. See product Instruction Manual Appendix A dated 20230830 for more details. | |||
| CVE-2023-34392 | 0.00 | — | 0.00 | Aug 31, 2023 | A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A… | |||
| CVE-2023-34391 | 0.00 | — | 0.00 | Aug 31, 2023 | Insecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths. See Instruction Manual Appendix A [Cybersecurity] tag dated 20230522 for more… | |||
| CVE-2023-31175 | 0.00 | — | 0.00 | Aug 31, 2023 | An Execution with Unnecessary Privileges vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run system commands with the highest level privilege on the system. See Instruction Manual Appendix A and Appendix E… |
- risk 0.64cvss 9.8epss 0.02
SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution (in certain situations on specific platforms), and denial of service attacks.
- risk 0.57cvss 8.8epss 0.02
SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution.
- risk 0.52cvss 7.5epss 0.08
SEL AcSELerator Architect version 2.2.24.0 and prior can be exploited when the AcSELerator Architect FTP client connects to a malicious FTP server, which may cause denial of service via 100% CPU utilization. Restart of the application is required.
- risk 0.48cvss 7.4epss 0.00
SEL-5037 Grid Configurator contains an overly permissive Cross Origin Resource Sharing (CORS) configuration for a data gateway service in the application. This gateway service includes an API which is not properly configured to reject requests from unexpected sources.
- risk 0.43cvss 6.6epss 0.00
An authenticated attacker can maliciously modify layout data files in the SEL-5033 installation directory to execute arbitrary code.
- risk 0.42cvss 6.5epss 0.00
Inclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably: SEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection…
- risk 0.37cvss 5.7epss 0.00
A suspended or recently logged-out user could continue to interact with Blueframe until the time-out period occurred.
- risk 0.29cvss 4.4epss 0.00
SEL BIOS packages prior to 1.3.49152.117 or 2.6.49152.98 allow a local attacker to bypass password authentication and change password-protected BIOS settings by importing a BIOS settings file with no password set.
- CVE-2023-2267Nov 30, 2023risk 0.00cvss —epss 0.00
An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more details.
- CVE-2023-2266Nov 30, 2023risk 0.00cvss —epss 0.00
An Improper neutralization of input during web page generation in the Schweitzer Engineering Laboratories SEL-411L could allow an attacker to generate cross-site scripting based attacks against an authorized and authenticated user. See product Instruction Manual Appendix A…
- CVE-2023-2265Nov 30, 2023risk 0.00cvss —epss 0.00
An Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user. See product Instruction Manual Appendix A…
- CVE-2023-2264Nov 30, 2023risk 0.00cvss —epss 0.00
An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior. See product Instruction Manual Appendix A dated 20230830 for…
- CVE-2023-34390Nov 30, 2023risk 0.00cvss —epss 0.01
An input validation vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to create a denial of service against the system and locking out services. See product Instruction Manual Appendix A dated 20230830 for more…
- CVE-2023-34389Nov 30, 2023risk 0.00cvss —epss 0.01
An allocation of resources without limits or throttling vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to make the system unavailable for an indefinite amount of time. See product Instruction Manual Appendix A…
- CVE-2023-34388Nov 30, 2023risk 0.00cvss —epss 0.01
An Improper Authentication vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote unauthenticated attacker to potentially perform session hijacking attack and bypass authentication. See product Instruction Manual Appendix A dated 20230830 for…
- CVE-2023-31177Nov 30, 2023risk 0.00cvss —epss 0.00
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the Schweitzer Engineering Laboratories SEL-451 could allow an attacker to craft a link that could execute arbitrary code on a victim's system. See product Instruction Manual Appendix…
- CVE-2023-31176Nov 30, 2023risk 0.00cvss —epss 0.01
An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow an unauthenticated remote attacker to brute-force session tokens and bypass authentication. See product Instruction Manual Appendix A dated 20230830 for more details.
- CVE-2023-34392Aug 31, 2023risk 0.00cvss —epss 0.00
A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A…
- CVE-2023-34391Aug 31, 2023risk 0.00cvss —epss 0.00
Insecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths. See Instruction Manual Appendix A [Cybersecurity] tag dated 20230522 for more…
- CVE-2023-31175Aug 31, 2023risk 0.00cvss —epss 0.00
An Execution with Unnecessary Privileges vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run system commands with the highest level privilege on the system. See Instruction Manual Appendix A and Appendix E…