Main Vulnerability Database Vulnerabilities #VU13800

Incorrect default permissions in SEL AcSELerator Architect and SEL Compass - CVE-2018-10604

Published: July 10, 2018 / Updated: July 11, 2018

Vulnerability identifier: #VU13800

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-10604

CWE-ID: CWE-276

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Schweitzer Engineering Laboratories, Inc.

Affected software:
SEL AcSELerator Architect
SEL Compass

Detailed vulnerability description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to incorrect default permissions. A local attacker can gain full access to the SEL Compass directory, modifiy or overwrite files within the Compass installation folder, and gain execute arbitrary code with elevated privileges.

How to mitigate CVE-2018-10604

Update SEL Compass to version 5.0.6.0 or later.

Update SEL AcSELerator to version 2.2.28.0.

Sources

https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02

Incorrect default permissions in SEL AcSELerator Architect and SEL Compass - CVE-2018-10604

Detailed vulnerability description

How to mitigate CVE-2018-10604

Sources

Please verify you're human