Schweitzer Engineering Laboratories Password Change Vulnerability Allowing Bypass of Current Password Requirement

Vulnerability

A vulnerability exists in multiple Schweitzer Engineering Laboratories (SEL) software applications, including the SEL-5030 acSELerator QuickSet Software, SEL-5037 SEL Grid Configurator, SEL-5056 Software-Defined Network Flow Controller, SEL-5033 acSELerator RTAC Software, SEL-5702 Synchrowave Operations, SEL-5035 acSELerator Diagram Builder Software, SEL-5032 acSELerator Architect Software, SEL-5703 Synchrowave Monitoring, SEL-5231 SEL Configuration API, SEL-5052 Server Software, SEL-5051 Client Software, SEL Compass, and several Blueframe Software components. This vulnerability allows an authenticated user to change their password without entering the current password, potentially leading to unauthorized access or account manipulation.

Impact

Exploitation of this vulnerability could allow an authenticated user to change their password without supplying the current password, potentially leading to unauthorized access or account manipulation.
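
The check this advisory describes as missing, shown as an added example (not SEL code and not taken from the advisory): a password-change routine that accepts a valid session alone, beside one that re-verifies the current password first. The in-memory store, function names, sample account and PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed in-memory credential store: username -> (salt, derived key).
USERS = {}

# Illustrative work factor; choose a value per current guidance in production.
PBKDF2_ITERATIONS = 100_000


def derive_key(password: str, salt: bytes) -> bytes:
    """Derive a storage key from the password with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def set_password(username: str, password: str) -> None:
    """Store a fresh salt and derived key for the user."""
    salt = os.urandom(16)
    USERS[username] = (salt, derive_key(password, salt))


def verify_password(username: str, password: str) -> bool:
    """Constant-time comparison of the stored key with the candidate's key."""
    record = USERS.get(username)
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(stored, derive_key(password, salt))


def change_password_unverified(session_user: str, new_password: str) -> bool:
    """Flawed pattern: an authenticated session is enough to replace the password."""
    set_password(session_user, new_password)
    return True


def change_password(session_user: str, current_password: str, new_password: str) -> bool:
    """Hardened pattern: the current password must verify before it is replaced."""
    if not verify_password(session_user, current_password):
        # Reject without changing anything; the caller should log the failure
        # and apply the same rate limiting used for login attempts.
        return False
    set_password(session_user, new_password)
    return True
```

Failed calls to the hardened routine are worth logging alongside failed logins, since both indicate someone who does not know the current password.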

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 2.4
impact: 2.5
exploitability: 3.3
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.