Main Vulnerability Database Vulnerabilities #VU13800

#VU13800 Incorrect default permissions in SEL AcSELerator Architect and SEL Compass - CVE-2018-10604

Published: July 10, 2018 / Updated: July 11, 2018

Vulnerability identifier: #VU13800

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-10604

CWE-ID: CWE-276

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
SEL AcSELerator Architect
SEL Compass

Software vendor:
Schweitzer Engineering Laboratories, Inc.

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to incorrect default permissions. A local attacker can gain full access to the SEL Compass directory, modifiy or overwrite files within the Compass installation folder, and gain execute arbitrary code with elevated privileges.

Remediation

Update SEL Compass to version 5.0.6.0 or later.

Update SEL AcSELerator to version 2.2.28.0.

External links

https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02

#VU13800 Incorrect default permissions in SEL AcSELerator Architect and SEL Compass - CVE-2018-10604

Description

Remediation

External links

Please verify you're human