Denial of Service in SEL AcSELerator Architect by FTP Connection
CVE-2018-10608

7.5HIGH

Key Information:

Vendor: Schweitzer Engineering Laboratories, Inc.
Status: Acselerator Architect
Vendor: CVE Published:; 24 July 2018

Summary

The SEL AcSELerator Architect, specifically versions 2.2.24.0 and earlier, is susceptible to a denial of service attack when its FTP client connects to a malicious FTP server. This vulnerability can lead to complete CPU utilization, rendering the software inoperable until it is restarted. Users are advised to ensure their systems are updated to avoid exploitation.

Affected Version(s)

AcSELerator Architect 2.2.24.0 and prior

References

https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02

x_refsource_MISC

http://packetstormsecurity.com/files/152951/SEL-AcSELerat...

x_refsource_MISC

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 24, 2018
Vulnerability Reserved
May 1, 2018