Schweitzer Engineering Laboratories (SEL) 700 series relays are affected by an “Inclusion of Undocumented Features” vulnerability: an attacker who is logged in at a privileged access level could exploit an anomaly in the relay, resulting in unpredictable behavior. The vulnerability is tracked as CVE-2024-2103 and has a calculated CVSS v4 base score of 5.9. Operators should update SEL 700 series relays to the latest versions recommended by Schweitzer Engineering Laboratories to mitigate the vulnerability.
The affected SEL products include various relay models, such as the SEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection Relay, SEL-710-5 Motor Protection Relay, SEL-751 Feeder Protection Relay, SEL-787-2/-3/-4 Transformer Protection Relay, and SEL-787Z High-Impedance Differential Relay. Users of these models are urged to move to the recommended versions to address the vulnerability. CISA additionally recommends defensive measures such as minimizing network exposure and using secure remote access methods, and advises conducting thorough impact analysis and risk assessment before deploying defensive measures.
Organizations worldwide that operate SEL relays are strongly advised to apply the recommended mitigations, assess the security of their control systems, and adopt the best practices detailed in relevant resources. CISA stresses the importance of implementing recommended cybersecurity strategies to proactively defend Industrial Control System (ICS) assets. No known public exploitation specifically targeting this vulnerability has been reported, but organizations are urged to remain vigilant and to report any suspected malicious activity to CISA for further evaluation and tracking.