Insecure Inherited Permissions
CVE-2023-34391

7.4HIGH

Key Information:

Vendor: Schweitzer Engineering Laboratories
Status: Sel-5033 Acselerator Rtac Software
Vendor: CVE Published:; 31 August 2023

🔔 Create Schweitzer Engineering Laboratories Vulnerability Alert

What is CVE-2023-34391?

The SEL-5033 AcSELerator RTAC Software by Schweitzer Engineering Laboratories is susceptible to an Insecure Inherited Permissions flaw. This vulnerability permits unauthorized manipulation of configuration file search paths, potentially exposing sensitive configurations to exploitation. Affected versions include all prior to 1.35.151.21000. Users should consult the Instruction Manual Appendix A [Cybersecurity], tagged May 22, 2023, for protective measures and further details.

Affected Version(s)

SEL-5033 AcSELerator RTAC Software Windows 0 < 1.35.151.21000

References

https://selinc.com/support/security-notifications/externa...

https://dragos.com

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 31, 2023
Vulnerability Reserved
Jun 2, 2023

Credit

Reid Wightman of Dragos