Schweitzer Engineering Laboratories Various Products Failed Login Response Vulnerability

Vulnerability

A vulnerability exists in multiple Schweitzer Engineering Laboratories (SEL) software applications and components, including the SEL-5030 acSELerator QuickSet Software, SEL-5037 SEL Grid Configurator, SEL-5056 Software-Defined Network Flow Controller, SEL-5033 acSELerator RTAC Software, SEL-5052 Server Software, SEL-5051 Client Software, SEL-5702 Synchrowave Operations, SEL-5703 Synchrowave Monitoring, and the Blueframe OS. This vulnerability arises from inconsistent failed login responses, which can vary based on whether the username is local or central, potentially leading to user enumeration.

Impact

Exploitation of this vulnerability could allow an authenticated user to discern whether a username is local or central based on the variation in failed login responses, facilitating user enumeration.
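The failure mode described above, shown as an added example that is not SEL code and not taken from the advisory: a login handler whose failure response depends on which account store holds the username, beside a uniform-response version and a regression check that counts distinct failure responses. The account stores, function names and response texts are hypothetical and constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample account stores (hypothetical, not SEL data).
# Secrets are kept in plaintext only to keep the example short.
LOCAL_USERS = {"operator": "local-pass"}
CENTRAL_USERS = {"jsmith": "central-pass"}  # stands in for a central directory
GENERIC_FAILURE = {"status": 401, "body": "Invalid username or password."}
DUMMY_SECRET = "placeholder-used-when-the-name-is-unknown"


def _same(a, b):
    # Constant-time comparison over fixed-length digests.
    da = hashlib.sha256(a.encode()).digest()
    db = hashlib.sha256(b.encode()).digest()
    return hmac.compare_digest(da, db)


def login_inconsistent(username, password):
    """Weak pattern: the failure body reveals which store holds the name."""
    if username in LOCAL_USERS:
        if _same(LOCAL_USERS[username], password):
            return {"status": 200, "body": "OK"}
        return {"status": 401, "body": "Local account: wrong password."}
    if username in CENTRAL_USERS:
        if _same(CENTRAL_USERS[username], password):
            return {"status": 200, "body": "OK"}
        return {"status": 401, "body": "Directory rejected the credentials."}
    return {"status": 401, "body": "Unknown user."}


def login_uniform(username, password):
    """Hardened pattern: every failure path returns the same response."""
    stored = LOCAL_USERS.get(username, CENTRAL_USERS.get(username))
    # Always run one comparison, even for unknown names, so work is similar.
    matched = _same(stored if stored is not None else DUMMY_SECRET, password)
    ok = matched and stored is not None
    return {"status": 200, "body": "OK"} if ok else dict(GENERIC_FAILURE)


def distinct_failure_responses(login):
    """Regression check: distinct failure responses across account classes."""
    probes = ["operator", "jsmith", "no-such-user"]  # local, central, unknown
    return len({tuple(sorted(login(u, "wrong-password").items())) for u in probes})
```

A result greater than 1 from `distinct_failure_responses` means the failure responses differ by account class, which is the condition this advisory describes.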

Remediation

Users can update to the latest versions of the affected SEL software applications to address this vulnerability. The specific version numbers and release dates can be found in the SEL Software Release Notes.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 0.6
exploitability: 4.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.