Scribd
Upload
60 views4 pages

2024.13 4xx Vuln 20240521

A security vulnerability has been identified in certain SEL-400 series relays that allows unauthenticated users to send crafted HTTP traffic, potentially causing a diagnostic restart. This issue occurs only if the Port 5 setting EHTTP is enabled, leading to device disablement after three restarts within seven days. Users are advised to contact SEL for firmware upgrades or mitigate the risk by disabling the EHTTP setting.

Uploaded by

Panu Mark II
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
60 views4 pages

2024.13 4xx Vuln 20240521

A security vulnerability has been identified in certain SEL-400 series relays that allows unauthenticated users to send crafted HTTP traffic, potentially causing a diagnostic restart. This issue occurs only if the Port 5 setting EHTTP is enabled, leading to device disablement after three restarts within seven days. Users are advised to contact SEL for firmware upgrades or mitigate the risk by disabling the EHTTP setting.

Uploaded by

Panu Mark II
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

Schweitzer Engineering Laboratories, Inc.

2024.05.21 16:57:26 -07'00'

Service Bulletin
SEL-400G-0, -1; SEL-401; SEL-411L-0, -1, -A;
SEL-411L-2; SEL-421-4, -5; SEL-421-7;
SEL-451-5; SEL-451-6; SEL-487B-1; SEL-487B-2;
SEL-487E-3, -4; SEL-487E-5
May Disable as a Result of Receiving
Deliberately Crafted HTTP Traffic
May 21, 2024 Number 2024.13

Classification Security Vulnerability


Specified Applications

Summary Some SEL-400 series relays contain a security vulnerability that could allow an
unauthenticated user to send crafted HTTP traffic to cause a diagnostic restart.
This vulnerability is only exploitable if the Port 5 setting EHTTP is set to Y. If the
device performs three diagnostic restarts within seven days, it disables until the
device is manually restarted.
The following table lists the affected firmware versions and the revised versions
that prevent this behavior.

Affected Firmware Revised Firmware


Device
Versions Versions

 R100-V0a, R100-V1,
R100-V2, R100-V3
 R101-V0, R101-V1,
SEL-400G-0, -1 Advanced R101-V2
Generator Protection  R104-V1
System  R102-V0, R102-V1
 R103-V0, R103-V1,
R103-V2
 R104-V0

 R407-V0, R407-V1
SEL-401 Protection,  R408-V0
Automation, and Control  R411-V0
 R409-V0, R409-V1,
Merging Unit
R409-V2b, R409-V3
 R410-V0, R410-V1

SCHWEITZER ENGINEERING LABORATORIES


2350 NE Hopkins Court • Pullman, WA 99163-5603 U.S.A.
Phone: +1.509.332.1890 • Fax: +1.509.332.7990
Internet: https://selinc.com • E-mail: [email protected] Page 1 of 4
 R126-V0, R126-V1,
R126-V2, R126-V3,
SEL-411L-0, -1, -A R126-V4
Advanced Line  R127-V0, R127-V1,
Differential Protection, R127-V2  R131-V0
Automation, and Control
System  R128-V0, R128-V1
 R129-V0, R129-V1
 R130-V0

SEL-411L-2 Advanced  R200-V0, R200-V1


Line Differential
 R201-V0
Protection, Automation,
and Control System With  R202-V0, R202-V1,  R204-V0
Sampled Values or TiDL R202-V2
Technology  R203-V0

 R327-V0, R327-V1,
R327-V2, R327-V3,
R327-V4
SEL-421-4, -5 Protection,  R328-V0, R328-V1,
Automation, and Control R328-V2, R328-V3
 R332-V0
System  R329-V0, R329-V1,
R329-V2, R329-V3
 R330-V0, R330-V1
 R331-V0

 R407-V0, R407-V1
SEL-421-7 Protection,
Automation, and Control  R408-V0
System With Sampled  R411-V0
 R409-V0, R409-V1,
Values or TiDL
R409-V2, R409-V3
Technology
 R410-V0, R410-V1

 R324-V0, R324-V1,
R324-V2, R324-V3,
R324-V4
SEL-451-5 Protection,  R325-V0, R325-V1,
Automation, and Bay R325-V2, R325-V3  R328-V1
Control System
 R326-V0, R326-V1
 R327-V0, R327-V1
 R328-V0

May 21, 2024 SEL-400G-0, -1; SEL-401; SEL-411L-0, -1, -A; SEL-411L-2; SEL-421-4, -5; SEL-421-7; Page 2 of 4
SEL-451-5; SEL-451-6; SEL-487B-1; SEL-487B-2; SEL-487E-3, -4; SEL-487E-5
May Disable as a Result of Receiving Deliberately Crafted HTTP Traffic
 R401-V0, R401-V1
SEL-451-6 Protection,  R402-V0, R402-V1
Automation, and Bay
Control System With  R403-V0
 R406-V0
Sampled Values or TiDL  R404-V0, R404-V1,
Technology R404-V2
 R405-V0

 R315-V0, R315-V1,
R315-V2, R315-V3,
R315-V4
SEL-487B-1 Bus
Differential and Breaker  R316-V0, R316-V1,  R318-V1
Failure Relay R316-V2, R316-V3
 R317-V0, R317-V1
 R318-V0

 R401-V0, R401-V1
SEL-487B-2 Bus
Differential and Breaker  R402-V0
Failure Relay With  R405-V0
 R403-V0, R403-V1,
Sampled Values or TiDL
R403-V2
Technology
 R404-V0

 R318-V0, R318-V1,
R318-V2, R318-V3
 R319-V0, R319-V1,
SEL-487E-3, -4 R319-V2, R319-V3
Transformer Protection  R320-V0, R320-V1,  R322-V1
Relay R320-V2
 R321-V0, R321-V1,
R321-V2
 R322-V0

 R401-V0, R401-V1
SEL-487E-5 Transformer  R402-V0
Protection Relay With  R403-V0
Sampled Values or TiDL  R406-V0
Technology  R404-V0, R404-V1,
R404-V2
 R405-V0, R405-V1

a SEL-400G firmware version R100-V0 did not production release.


b SEL-401 firmware version R409-V2 did not production release.

May 21, 2024 SEL-400G-0, -1; SEL-401; SEL-411L-0, -1, -A; SEL-411L-2; SEL-421-4, -5; SEL-421-7; Page 3 of 4
SEL-451-5; SEL-451-6; SEL-487B-1; SEL-487B-2; SEL-487E-3, -4; SEL-487E-5
May Disable as a Result of Receiving Deliberately Crafted HTTP Traffic
Specified Only applications where the Port 5 setting EHTTP is set to Y are affected by this
Applications vulnerability.

Action To obtain a firmware upgrade for your affected devices, contact your SEL Sales
Representative or Customer Service Representative.
This solution does not require any hardware, installation, or settings changes,
although SEL always recommends saving settings before upgrading firmware.
Alternatively, to mitigate the risk of this vulnerability, set the Port 5 setting
EHTTP to N.
If you require technical assistance or have questions, please contact your SEL
Application Engineer.

May 21, 2024 SEL-400G-0, -1; SEL-401; SEL-411L-0, -1, -A; SEL-411L-2; SEL-421-4, -5; SEL-421-7; Page 4 of 4
SEL-451-5; SEL-451-6; SEL-487B-1; SEL-487B-2; SEL-487E-3, -4; SEL-487E-5
May Disable as a Result of Receiving Deliberately Crafted HTTP Traffic

You might also like