Search
Find a vulnerability
Search criteria
8 vulnerabilities by Schweitzer Engineering Laboratories, Inc.
CVE-2023-2310 (GCVE-0-2023-2310)
Vulnerability from nvd – Published: 2023-05-10 19:18 – Updated: 2025-01-27 18:20
VLAI
Title
Channel Accessible by Non-Endpoint
Summary
A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (MiTM) that could result in denial of service.
See the ACSELERATOR RTAC SEL-5033 Software instruction manual date code 20210915 for more details.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-300 - Channel Accessible by Non-Endpoint
Assigner
References
1 reference
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R119-V0 , < R150-V2
(custom)
Affected: R119-V0 , < R149-V4 (custom) Affected: R119-V0 , < R148-V7 (custom) Affected: R119-V0 , < R147-V6 (custom) |
|
| Schweitzer Engineering Laboratories, Inc. | SEL-3505-3 |
Affected:
R132-V0 , < R150-V2
(custom)
Affected: R132-V0 , < R149-V4 (custom) Affected: R132-V0 , < R148-V7 (custom) Affected: R132-V0 , < R147-V6 (custom) |
|
| Schweitzer Engineering Laboratories | SEL-3530 |
Affected:
R100-V0 , < R150-V2
(custom)
Affected: R100-V0 , < R149-V4 (custom) Affected: R100-V0 , < R148-V7 (custom) Affected: R100-V0 , < R147-V6 (custom) |
|
| Schweitzer Engineering Laboratories, Inc. | SEL-3530-4 |
Affected:
R108-V0 , < R150-V2
(custom)
Affected: R108-V0 , < R149-V4 (custom) Affected: R108-V0 , < R148-V7 (custom) Affected: R108-V0 , < R147-V6 (custom) |
|
| Schweitzer Engineering Laboratories, Inc. | SEL-3532 |
Affected:
R132-V0 , < R150-V2
(custom)
Affected: R132-V0 , < R149-V4 (custom) Affected: R132-V0 , < R148-V7 (custom) Affected: R132-V0 , < R147-V6 (custom) |
|
| Schweitzer Engineering Laboratories, Inc. | SEL-3555 |
Affected:
R134-V0 , < R150-V2
(custom)
Affected: R134-V0 , < R149-V4 (custom) Affected: R134-V0 , < R148-V7 (custom) Affected: R134-V0 , < R147-V6 (custom) |
|
| Schweitzer Engineering Laboratories, Inc. | SEL-3560S |
Affected:
R144-V2 , < R150-V2
(custom)
Affected: R144-V2 , < R149-V4 (custom) Affected: R144-V2 , < R148-V7 (custom) Affected: R144-V2 , < R147-V6 (custom) |
|
| Schweitzer Engineering Laboratories, Inc. | SEL-3560E |
Affected:
R144-V2 , < R150-V2
(custom)
Affected: R144-V2 , < R149-V4 (custom) Affected: R144-V2 , < R148-V7 (custom) Affected: R144-V2 , < R147-V6 (custom) |
|
| Schweitzer Engineering Laboratories, Inc. | SEL-2241 RTAC module |
Affected:
R113-V0 , < R150-V2
(custom)
Affected: R113-V0 , < R149-V4 (custom) Affected: R113-V0 , < R148-V7 (custom) Affected: R113-V0 , < R147-V6 (custom) |
|
| Schweitzer Engineering Laboratories, Inc. | SEL-3350 |
Affected:
R148-V0 , < R150-V2
(custom)
Affected: R148-V0 , < R149-V4 (custom) Affected: R148-V0 , < R148-V7 (custom) |
Date Public
2023-05-10 07:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.854Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T18:20:24.063475Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T18:20:35.192Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories, Inc.",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories, Inc.",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories, Inc.",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories, Inc.",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories, Inc.",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories, Inc.",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories, Inc.",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories, Inc.",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Adeen Ayub, Syed Ali Qasim, Irfan Ahmed, Virginia Commonwealth University"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (MiTM) that could result in denial of service.\u003cbr\u003e\u003cbr\u003eSee the ACSELERATOR RTAC SEL-5033 Software instruction manual date code 20210915 for more details."
}
],
"value": "A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (MiTM) that could result in denial of service.\n\nSee the ACSELERATOR RTAC SEL-5033 Software instruction manual date code 20210915 for more details."
}
],
"impacts": [
{
"capecId": "CAPEC-469",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-469 DoS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-300",
"description": "CWE-300 Channel Accessible by Non-Endpoint",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:18:43.806Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Channel Accessible by Non-Endpoint",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-2310",
"datePublished": "2023-05-10T19:18:43.806Z",
"dateReserved": "2023-04-26T18:25:33.932Z",
"dateUpdated": "2025-01-27T18:20:35.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10608 (GCVE-0-2018-10608)
Vulnerability from nvd – Published: 2018-07-24 13:00 – Updated: 2024-09-16 16:42
VLAI
Summary
SEL AcSELerator Architect version 2.2.24.0 and prior can be exploited when the AcSELerator Architect FTP client connects to a malicious FTP server, which may cause denial of service via 100% CPU utilization. Restart of the application is required.
Severity
No CVSS data available.
CWE
- CWE-400 - UNCONTROLLED RESOURCE CONSUMPTION ('RESOURCE EXHAUSTION') CWE-400
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02 | x_refsource_MISC |
| http://packetstormsecurity.com/files/152951/SEL-A… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Schweitzer Engineering Laboratories, Inc. | AcSELerator Architect |
Affected:
2.2.24.0 and prior
|
Date Public
2018-07-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:46.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152951/SEL-AcSELerator-Architect-2.2.24-Denial-Of-Service.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AcSELerator Architect",
"vendor": "Schweitzer Engineering Laboratories, Inc.",
"versions": [
{
"status": "affected",
"version": "2.2.24.0 and prior"
}
]
}
],
"datePublic": "2018-07-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SEL AcSELerator Architect version 2.2.24.0 and prior can be exploited when the AcSELerator Architect FTP client connects to a malicious FTP server, which may cause denial of service via 100% CPU utilization. Restart of the application is required."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "UNCONTROLLED RESOURCE CONSUMPTION (\u0027RESOURCE EXHAUSTION\u0027) CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T00:06:04.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152951/SEL-AcSELerator-Architect-2.2.24-Denial-Of-Service.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-07-10T00:00:00",
"ID": "CVE-2018-10608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AcSELerator Architect",
"version": {
"version_data": [
{
"version_value": "2.2.24.0 and prior"
}
]
}
}
]
},
"vendor_name": "Schweitzer Engineering Laboratories, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SEL AcSELerator Architect version 2.2.24.0 and prior can be exploited when the AcSELerator Architect FTP client connects to a malicious FTP server, which may cause denial of service via 100% CPU utilization. Restart of the application is required."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNCONTROLLED RESOURCE CONSUMPTION (\u0027RESOURCE EXHAUSTION\u0027) CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02"
},
{
"name": "http://packetstormsecurity.com/files/152951/SEL-AcSELerator-Architect-2.2.24-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152951/SEL-AcSELerator-Architect-2.2.24-Denial-Of-Service.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10608",
"datePublished": "2018-07-24T13:00:00.000Z",
"dateReserved": "2018-05-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:42:59.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10604 (GCVE-0-2018-10604)
Vulnerability from nvd – Published: 2018-07-24 13:00 – Updated: 2024-09-16 22:40
VLAI
Summary
SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution.
Severity
No CVSS data available.
CWE
- CWE-276 - INCORRECT DEFAULT PERMISSIONS CWE-276
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Schweitzer Engineering Laboratories, Inc. | Compass |
Affected:
3.0.5.1 and prior
|
Date Public
2018-07-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:08.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Compass",
"vendor": "Schweitzer Engineering Laboratories, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.5.1 and prior"
}
]
}
],
"datePublic": "2018-07-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "INCORRECT DEFAULT PERMISSIONS CWE-276",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-24T12:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-07-10T00:00:00",
"ID": "CVE-2018-10604",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Compass",
"version": {
"version_data": [
{
"version_value": "3.0.5.1 and prior"
}
]
}
}
]
},
"vendor_name": "Schweitzer Engineering Laboratories, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "INCORRECT DEFAULT PERMISSIONS CWE-276"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10604",
"datePublished": "2018-07-24T13:00:00.000Z",
"dateReserved": "2018-05-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:40:00.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10600 (GCVE-0-2018-10600)
Vulnerability from nvd – Published: 2018-07-24 13:00 – Updated: 2024-09-16 16:17
VLAI
Summary
SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution (in certain situations on specific platforms), and denial of service attacks.
Severity
No CVSS data available.
CWE
- CWE-611 - IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE ('XXE') CWE-611
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Schweitzer Engineering Laboratories, Inc. | AcSELerator Architect |
Affected:
2.2.24.0 and prior
|
Date Public
2018-07-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:08.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AcSELerator Architect",
"vendor": "Schweitzer Engineering Laboratories, Inc.",
"versions": [
{
"status": "affected",
"version": "2.2.24.0 and prior"
}
]
}
],
"datePublic": "2018-07-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution (in certain situations on specific platforms), and denial of service attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE (\u0027XXE\u0027) CWE-611",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-24T12:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-07-10T00:00:00",
"ID": "CVE-2018-10600",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AcSELerator Architect",
"version": {
"version_data": [
{
"version_value": "2.2.24.0 and prior"
}
]
}
}
]
},
"vendor_name": "Schweitzer Engineering Laboratories, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution (in certain situations on specific platforms), and denial of service attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE (\u0027XXE\u0027) CWE-611"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10600",
"datePublished": "2018-07-24T13:00:00.000Z",
"dateReserved": "2018-05-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:17:38.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2310 (GCVE-0-2023-2310)
Vulnerability from cvelistv5 – Published: 2023-05-10 19:18 – Updated: 2025-01-27 18:20
VLAI
Title
Channel Accessible by Non-Endpoint
Summary
A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (MiTM) that could result in denial of service.
See the ACSELERATOR RTAC SEL-5033 Software instruction manual date code 20210915 for more details.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-300 - Channel Accessible by Non-Endpoint
Assigner
References
1 reference
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-3505 |
Affected:
R119-V0 , < R150-V2
(custom)
Affected: R119-V0 , < R149-V4 (custom) Affected: R119-V0 , < R148-V7 (custom) Affected: R119-V0 , < R147-V6 (custom) |
|
| Schweitzer Engineering Laboratories, Inc. | SEL-3505-3 |
Affected:
R132-V0 , < R150-V2
(custom)
Affected: R132-V0 , < R149-V4 (custom) Affected: R132-V0 , < R148-V7 (custom) Affected: R132-V0 , < R147-V6 (custom) |
|
| Schweitzer Engineering Laboratories | SEL-3530 |
Affected:
R100-V0 , < R150-V2
(custom)
Affected: R100-V0 , < R149-V4 (custom) Affected: R100-V0 , < R148-V7 (custom) Affected: R100-V0 , < R147-V6 (custom) |
|
| Schweitzer Engineering Laboratories, Inc. | SEL-3530-4 |
Affected:
R108-V0 , < R150-V2
(custom)
Affected: R108-V0 , < R149-V4 (custom) Affected: R108-V0 , < R148-V7 (custom) Affected: R108-V0 , < R147-V6 (custom) |
|
| Schweitzer Engineering Laboratories, Inc. | SEL-3532 |
Affected:
R132-V0 , < R150-V2
(custom)
Affected: R132-V0 , < R149-V4 (custom) Affected: R132-V0 , < R148-V7 (custom) Affected: R132-V0 , < R147-V6 (custom) |
|
| Schweitzer Engineering Laboratories, Inc. | SEL-3555 |
Affected:
R134-V0 , < R150-V2
(custom)
Affected: R134-V0 , < R149-V4 (custom) Affected: R134-V0 , < R148-V7 (custom) Affected: R134-V0 , < R147-V6 (custom) |
|
| Schweitzer Engineering Laboratories, Inc. | SEL-3560S |
Affected:
R144-V2 , < R150-V2
(custom)
Affected: R144-V2 , < R149-V4 (custom) Affected: R144-V2 , < R148-V7 (custom) Affected: R144-V2 , < R147-V6 (custom) |
|
| Schweitzer Engineering Laboratories, Inc. | SEL-3560E |
Affected:
R144-V2 , < R150-V2
(custom)
Affected: R144-V2 , < R149-V4 (custom) Affected: R144-V2 , < R148-V7 (custom) Affected: R144-V2 , < R147-V6 (custom) |
|
| Schweitzer Engineering Laboratories, Inc. | SEL-2241 RTAC module |
Affected:
R113-V0 , < R150-V2
(custom)
Affected: R113-V0 , < R149-V4 (custom) Affected: R113-V0 , < R148-V7 (custom) Affected: R113-V0 , < R147-V6 (custom) |
|
| Schweitzer Engineering Laboratories, Inc. | SEL-3350 |
Affected:
R148-V0 , < R150-V2
(custom)
Affected: R148-V0 , < R149-V4 (custom) Affected: R148-V0 , < R148-V7 (custom) |
Date Public
2023-05-10 07:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.854Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T18:20:24.063475Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T18:20:35.192Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "SEL-3505",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R119-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "SEL-3505-3",
"vendor": "Schweitzer Engineering Laboratories, Inc.",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "SEL-3530",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "SEL-3530-4",
"vendor": "Schweitzer Engineering Laboratories, Inc.",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R108-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "SEL-3532",
"vendor": "Schweitzer Engineering Laboratories, Inc.",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R132-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "SEL-3555",
"vendor": "Schweitzer Engineering Laboratories, Inc.",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R134-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "SEL-3560S",
"vendor": "Schweitzer Engineering Laboratories, Inc.",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "SEL-3560E",
"vendor": "Schweitzer Engineering Laboratories, Inc.",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R144-V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "SEL-2241 RTAC module",
"vendor": "Schweitzer Engineering Laboratories, Inc.",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
},
{
"lessThan": "R147-V6",
"status": "affected",
"version": "R113-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "SEL-3350",
"vendor": "Schweitzer Engineering Laboratories, Inc.",
"versions": [
{
"lessThan": "R150-V2",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R149-V4",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
},
{
"lessThan": "R148-V7",
"status": "affected",
"version": "R148-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Adeen Ayub, Syed Ali Qasim, Irfan Ahmed, Virginia Commonwealth University"
}
],
"datePublic": "2023-05-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (MiTM) that could result in denial of service.\u003cbr\u003e\u003cbr\u003eSee the ACSELERATOR RTAC SEL-5033 Software instruction manual date code 20210915 for more details."
}
],
"value": "A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (MiTM) that could result in denial of service.\n\nSee the ACSELERATOR RTAC SEL-5033 Software instruction manual date code 20210915 for more details."
}
],
"impacts": [
{
"capecId": "CAPEC-469",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-469 DoS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-300",
"description": "CWE-300 Channel Accessible by Non-Endpoint",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T19:18:43.806Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Channel Accessible by Non-Endpoint",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2023-2310",
"datePublished": "2023-05-10T19:18:43.806Z",
"dateReserved": "2023-04-26T18:25:33.932Z",
"dateUpdated": "2025-01-27T18:20:35.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10600 (GCVE-0-2018-10600)
Vulnerability from cvelistv5 – Published: 2018-07-24 13:00 – Updated: 2024-09-16 16:17
VLAI
Summary
SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution (in certain situations on specific platforms), and denial of service attacks.
Severity
No CVSS data available.
CWE
- CWE-611 - IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE ('XXE') CWE-611
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Schweitzer Engineering Laboratories, Inc. | AcSELerator Architect |
Affected:
2.2.24.0 and prior
|
Date Public
2018-07-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:08.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AcSELerator Architect",
"vendor": "Schweitzer Engineering Laboratories, Inc.",
"versions": [
{
"status": "affected",
"version": "2.2.24.0 and prior"
}
]
}
],
"datePublic": "2018-07-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution (in certain situations on specific platforms), and denial of service attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE (\u0027XXE\u0027) CWE-611",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-24T12:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-07-10T00:00:00",
"ID": "CVE-2018-10600",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AcSELerator Architect",
"version": {
"version_data": [
{
"version_value": "2.2.24.0 and prior"
}
]
}
}
]
},
"vendor_name": "Schweitzer Engineering Laboratories, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution (in certain situations on specific platforms), and denial of service attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE (\u0027XXE\u0027) CWE-611"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10600",
"datePublished": "2018-07-24T13:00:00.000Z",
"dateReserved": "2018-05-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:17:38.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10608 (GCVE-0-2018-10608)
Vulnerability from cvelistv5 – Published: 2018-07-24 13:00 – Updated: 2024-09-16 16:42
VLAI
Summary
SEL AcSELerator Architect version 2.2.24.0 and prior can be exploited when the AcSELerator Architect FTP client connects to a malicious FTP server, which may cause denial of service via 100% CPU utilization. Restart of the application is required.
Severity
No CVSS data available.
CWE
- CWE-400 - UNCONTROLLED RESOURCE CONSUMPTION ('RESOURCE EXHAUSTION') CWE-400
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02 | x_refsource_MISC |
| http://packetstormsecurity.com/files/152951/SEL-A… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Schweitzer Engineering Laboratories, Inc. | AcSELerator Architect |
Affected:
2.2.24.0 and prior
|
Date Public
2018-07-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:46.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152951/SEL-AcSELerator-Architect-2.2.24-Denial-Of-Service.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AcSELerator Architect",
"vendor": "Schweitzer Engineering Laboratories, Inc.",
"versions": [
{
"status": "affected",
"version": "2.2.24.0 and prior"
}
]
}
],
"datePublic": "2018-07-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SEL AcSELerator Architect version 2.2.24.0 and prior can be exploited when the AcSELerator Architect FTP client connects to a malicious FTP server, which may cause denial of service via 100% CPU utilization. Restart of the application is required."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "UNCONTROLLED RESOURCE CONSUMPTION (\u0027RESOURCE EXHAUSTION\u0027) CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T00:06:04.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152951/SEL-AcSELerator-Architect-2.2.24-Denial-Of-Service.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-07-10T00:00:00",
"ID": "CVE-2018-10608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AcSELerator Architect",
"version": {
"version_data": [
{
"version_value": "2.2.24.0 and prior"
}
]
}
}
]
},
"vendor_name": "Schweitzer Engineering Laboratories, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SEL AcSELerator Architect version 2.2.24.0 and prior can be exploited when the AcSELerator Architect FTP client connects to a malicious FTP server, which may cause denial of service via 100% CPU utilization. Restart of the application is required."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNCONTROLLED RESOURCE CONSUMPTION (\u0027RESOURCE EXHAUSTION\u0027) CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02"
},
{
"name": "http://packetstormsecurity.com/files/152951/SEL-AcSELerator-Architect-2.2.24-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152951/SEL-AcSELerator-Architect-2.2.24-Denial-Of-Service.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10608",
"datePublished": "2018-07-24T13:00:00.000Z",
"dateReserved": "2018-05-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:42:59.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10604 (GCVE-0-2018-10604)
Vulnerability from cvelistv5 – Published: 2018-07-24 13:00 – Updated: 2024-09-16 22:40
VLAI
Summary
SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution.
Severity
No CVSS data available.
CWE
- CWE-276 - INCORRECT DEFAULT PERMISSIONS CWE-276
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Schweitzer Engineering Laboratories, Inc. | Compass |
Affected:
3.0.5.1 and prior
|
Date Public
2018-07-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:08.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Compass",
"vendor": "Schweitzer Engineering Laboratories, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.5.1 and prior"
}
]
}
],
"datePublic": "2018-07-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "INCORRECT DEFAULT PERMISSIONS CWE-276",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-24T12:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-07-10T00:00:00",
"ID": "CVE-2018-10604",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Compass",
"version": {
"version_data": [
{
"version_value": "3.0.5.1 and prior"
}
]
}
}
]
},
"vendor_name": "Schweitzer Engineering Laboratories, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "INCORRECT DEFAULT PERMISSIONS CWE-276"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10604",
"datePublished": "2018-07-24T13:00:00.000Z",
"dateReserved": "2018-05-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:40:00.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}