CVE-2024-2103 in SEL-700BT Motor Bus Transfer Relay
Summary
by MITRE • 04/04/2024
Inclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably.
* SEL-700BT Motor Bus Transfer Relay
* SEL-700G Generator Protection Relay
* SEL-710-5 Motor Protection Relay
* SEL-751 Feeder Protection Relay
* SEL-787-2/-3/-4 Transformer Protection Relay
* SEL-787Z High-Impedance Differential Relay
See product instruction manual appendix A dated 20240308 for more details regarding the SEL-751 Feeder Protection Relay.
For more information for the other affected products, see their instruction manuals dated 20240329.
Analysis
by VulDB Data Team • 05/09/2024
This vulnerability represents a critical inclusion of undocumented features that poses significant operational risks to industrial control systems. The affected Schweitzer Engineering Laboratories relays operate within critical infrastructure environments where reliability and predictability are paramount. The vulnerability specifically manifests when authenticated users with privileged access levels interact with these devices, creating a pathway for unpredictable system behavior that could compromise the integrity of protective relay operations. The affected product lineup includes motor bus transfer relays, generator protection relays, motor protection relays, feeder protection relays, and transformer protection relays, all of which form essential components of power system protection schemes.
The technical flaw stems from undocumented operational features that exist within the firmware of these relays, creating a potential attack surface that bypasses normal operational parameters. When privileged users access these systems, they can trigger functionality that was not intended for normal operation, leading to erratic behavior patterns that may include false tripping, delayed responses, or complete system malfunctions. This vulnerability directly relates to CWE-692, which describes incomplete input validation and the presence of undocumented features that can be exploited by authenticated users. The nature of these undocumented features suggests that the functionality was either inadvertently included during development or deliberately implemented but not properly documented for operational use.
The operational impact of this vulnerability extends beyond simple system instability to potentially compromise the entire power protection infrastructure. In industrial environments, these relays serve as the first line of defense against electrical faults and system disturbances, making their unpredictable behavior particularly dangerous. A relay exhibiting erratic behavior could fail to operate during actual fault conditions, leading to cascading failures throughout the power grid, or it could operate incorrectly during normal conditions, causing unnecessary outages. The vulnerability's requirement for privileged access levels reduces the likelihood of casual exploitation but does not eliminate the risk, as insider threats or compromised accounts could leverage this weakness. According to the ATT&CK framework, this represents a privilege escalation vector that could be used to gain deeper access to critical infrastructure systems.
Mitigation strategies should focus on immediate firmware updates from Schweitzer Engineering Laboratories to address the undocumented features and ensure proper operational parameters. Organizations must conduct comprehensive vulnerability assessments of their relay systems to identify any potential exploitation of this vulnerability. Access controls should be strictly enforced through privileged access management systems, ensuring that only authorized personnel can access these critical devices. Network segmentation and monitoring should be implemented to detect any unusual behavior patterns that might indicate exploitation attempts. Regular security audits of industrial control systems should include verification of documented operational features against actual system behavior to prevent similar vulnerabilities from emerging in future releases. The affected products require immediate attention through official firmware updates and operational procedure reviews to maintain the integrity of power system protection schemes.
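The monitoring step above can be made concrete by correlating relay login events with an asset inventory: because the flaw is only reachable at a privileged access level, privileged logins on the affected models that fall outside an approved engineering subnet or maintenance window are the events worth alerting on. The following is an added example, not SEL's or VulDB's code; the key=value log format, the inventory, the subnet and the maintenance window are all constructed assumptions, while the model list comes from the advisory summary.

```python
"""Flag privileged-level logins on relays matching the models listed in this advisory."""
import re
from datetime import datetime
from ipaddress import ip_address, ip_network

# Affected models, taken from the advisory summary above
AFFECTED_MODELS = {"SEL-700BT", "SEL-700G", "SEL-710-5", "SEL-751",
                   "SEL-787-2", "SEL-787-3", "SEL-787-4", "SEL-787Z"}

# Constructed site inventory: relay name -> model (SEL-387 is a hypothetical non-affected entry)
INVENTORY = {"SUB1-F3": "SEL-751", "SUB1-G1": "SEL-700G", "SUB2-T2": "SEL-387"}

# Hypothetical log line format (not SEL's native event format), e.g. from a syslog collector
LINE_RE = re.compile(r"^(?P<ts>\S+) relay=(?P<relay>\S+) src=(?P<src>\S+) "
                     r"level=(?P<level>\d+) event=(?P<event>\S+)$")
ENGINEERING_NET = ip_network("10.20.1.0/24")   # assumed approved engineering workstation subnet
MAINTENANCE_HOURS = range(8, 18)               # assumed approved window, 08:00-17:59 UTC

def parse_line(line):
    """Return a dict for a well-formed line, or None for anything unparseable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
    ev["level"] = int(ev["level"])
    return ev

def privileged_access_alerts(lines, inventory=INVENTORY):
    """Alert on privileged (level >= 2) logins to affected relays that break either policy."""
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["event"] != "LOGIN" or ev["level"] < 2:
            continue                          # only privileged logins are in scope for this CVE
        model = inventory.get(ev["relay"])
        if model not in AFFECTED_MODELS:
            continue                          # unaffected or unknown model
        reasons = []
        if ip_address(ev["src"]) not in ENGINEERING_NET:
            reasons.append("source outside engineering subnet")
        if ev["ts"].hour not in MAINTENANCE_HOURS:
            reasons.append("outside maintenance window")
        if reasons:
            alerts.append({"relay": ev["relay"], "model": model, "src": ev["src"], "reasons": reasons})
    return alerts

SAMPLE_LOG = [  # constructed sample lines
    "2024-05-01T10:13:44Z relay=SUB1-F3 src=10.20.1.7 level=2 event=LOGIN",    # in policy
    "2024-05-01T02:13:44Z relay=SUB1-F3 src=10.20.1.7 level=2 event=LOGIN",    # off-hours
    "2024-05-01T10:20:01Z relay=SUB1-G1 src=192.168.5.9 level=2 event=LOGIN",  # foreign source
    "2024-05-01T10:25:30Z relay=SUB1-G1 src=192.168.5.9 level=1 event=LOGIN",  # unprivileged
    "2024-05-01T03:00:00Z relay=SUB2-T2 src=192.168.5.9 level=2 event=LOGIN",  # model not affected
]
```

Running `privileged_access_alerts(SAMPLE_LOG)` yields two alerts, one per policy breach; the inventory lookup is what keeps the rule scoped to the models named in the advisory rather than every relay on the network.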