Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-31167

5MEDIUM

Key Information:

Vendor: Schweitzer Engineering Laboratories
Status: Sel-5036 Acselerator Bay Screen Builder Software
Vendor: CVE Published:; 31 August 2023

What is CVE-2023-31167?

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Schweitzer Engineering Laboratories SEL-5036 acSELerator Bay Screen Builder Software on Windows allows Relative Path Traversal.

SEL acSELerator Bay Screen Builder software is distributed by SEL-5033 SEL acSELerator RTAC, SEL-5030 Quickset, and SEL Compass. CVE-2023-31167 and was patched in the acSELerator Bay Screen Builder release available on 20230602. Please contact SEL for additional details.

This issue affects SEL-5036 acSELerator Bay Screen Builder Software: before 1.0.49152.778.

Affected Version(s)

SEL-5036 acSELerator Bay Screen Builder Software Windows 0 < 1.0.49152.778

References

https://selinc.com/support/security-notifications/externa...

https://dragos.com

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 31, 2023
Vulnerability Reserved
Apr 24, 2023

Credit

Reid Wightman of Dragos