VAR-201807-0335
Vulnerability from variot - Updated: 2023-12-18 12:50SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution (in certain situations on specific platforms), and denial of service attacks. SEL AcSELerator Architect In XML An external entity vulnerability exists.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. SEL AcSELerator Architect is a system used by Schweitzer Engineering Laboratories (SEL) to communicate with, configure and manage substations. An injection injection vulnerability exists in SEL AcSELerator Architect 2.2.24.0 and earlier. In some cases on a particular platform) and cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-0335",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "acselerator architect",
"scope": "lte",
"trust": 1.0,
"vendor": "selinc",
"version": "2.2.24.0"
},
{
"model": "acselerator architect",
"scope": "lte",
"trust": 0.8,
"vendor": "schweitzer engineering laboratories",
"version": "2.2.24.0"
},
{
"model": "acselerator architect",
"scope": "lte",
"trust": 0.6,
"vendor": "schweitzer engineering laboratories",
"version": "\u003c=2.2.24.0"
},
{
"model": "acselerator architect",
"scope": "eq",
"trust": 0.6,
"vendor": "selinc",
"version": "2.2.24.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "acselerator architect",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2f9bfc0-39ab-11e9-b0d8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18602"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008485"
},
{
"db": "NVD",
"id": "CVE-2018-10600"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1818"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:selinc:acselerator_architect:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.2.24.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10600"
}
]
},
"cve": "CVE-2018-10600",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-10600",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-18602",
"impactScore": 7.8,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2f9bfc0-39ab-11e9-b0d8-000c29342cb1",
"impactScore": 7.8,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-10600",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-10600",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-18602",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-1818",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2f9bfc0-39ab-11e9-b0d8-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f9bfc0-39ab-11e9-b0d8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18602"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008485"
},
{
"db": "NVD",
"id": "CVE-2018-10600"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1818"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution (in certain situations on specific platforms), and denial of service attacks. SEL AcSELerator Architect In XML An external entity vulnerability exists.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. SEL AcSELerator Architect is a system used by Schweitzer Engineering Laboratories (SEL) to communicate with, configure and manage substations. An injection injection vulnerability exists in SEL AcSELerator Architect 2.2.24.0 and earlier. In some cases on a particular platform) and cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10600"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008485"
},
{
"db": "CNVD",
"id": "CNVD-2018-18602"
},
{
"db": "IVD",
"id": "e2f9bfc0-39ab-11e9-b0d8-000c29342cb1"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10600",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-18-191-02",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2018-18602",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1818",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008485",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F9BFC0-39AB-11E9-B0D8-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f9bfc0-39ab-11e9-b0d8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18602"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008485"
},
{
"db": "NVD",
"id": "CVE-2018-10600"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1818"
}
]
},
"id": "VAR-201807-0335",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f9bfc0-39ab-11e9-b0d8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18602"
}
],
"trust": 1.55
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2f9bfc0-39ab-11e9-b0d8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18602"
}
]
},
"last_update_date": "2023-12-18T12:50:38.399000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEL-5032 ACSELERATOR Architect Software",
"trust": 0.8,
"url": "https://selinc.com/products/5032/#tab-downloads"
},
{
"title": "Patch for SEL AcSELerator Architect XML Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/139997"
},
{
"title": "SEL AcSELerator Architect Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=82599"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18602"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008485"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1818"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-611",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008485"
},
{
"db": "NVD",
"id": "CVE-2018-10600"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-191-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10600"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10600"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18602"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008485"
},
{
"db": "NVD",
"id": "CVE-2018-10600"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1818"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f9bfc0-39ab-11e9-b0d8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18602"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008485"
},
{
"db": "NVD",
"id": "CVE-2018-10600"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1818"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-12T00:00:00",
"db": "IVD",
"id": "e2f9bfc0-39ab-11e9-b0d8-000c29342cb1"
},
{
"date": "2018-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-18602"
},
{
"date": "2018-10-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008485"
},
{
"date": "2018-07-24T13:29:00.307000",
"db": "NVD",
"id": "CVE-2018-10600"
},
{
"date": "2018-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1818"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-18602"
},
{
"date": "2018-10-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008485"
},
{
"date": "2019-10-09T23:32:53.290000",
"db": "NVD",
"id": "CVE-2018-10600"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1818"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1818"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SEL AcSELerator Architect In XML External entity vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008485"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "e2f9bfc0-39ab-11e9-b0d8-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1818"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…