XML Parsing Vulnerability in SEL AcSELerator Architect by SEL
CVE-2018-10600

9.8CRITICAL

Key Information:

Vendor: Schweitzer Engineering Laboratories, Inc.
Status: Acselerator Architect
Vendor: CVE Published:; 24 July 2018

Summary

The SEL AcSELerator Architect versions up to 2.2.24.0 are susceptible to an XML parsing issue that allows unsanitized input to be processed by the XML parser. This vulnerability can potentially lead to the unauthorized disclosure and retrieval of sensitive information, and in certain scenarios, it may enable arbitrary code execution on specific platforms. Additionally, it poses a risk of denial of service attacks, making it critical for users to implement recommended security measures.

Affected Version(s)

AcSELerator Architect 2.2.24.0 and prior

References

https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 24, 2018
Vulnerability Reserved
May 1, 2018