Sign-up

ID

VAR-201807-0335


CVE

CVE-2018-10600


TITLE

SEL AcSELerator Architect In XML External entity vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2018-008485

DESCRIPTION

SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution (in certain situations on specific platforms), and denial of service attacks. SEL AcSELerator Architect In XML An external entity vulnerability exists.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. SEL AcSELerator Architect is a system used by Schweitzer Engineering Laboratories (SEL) to communicate with, configure and manage substations. An injection injection vulnerability exists in SEL AcSELerator Architect 2.2.24.0 and earlier. In some cases on a particular platform) and cause a denial of service

Trust: 2.34

sources: NVD: CVE-2018-10600 // JVNDB: JVNDB-2018-008485 // CNVD: CNVD-2018-18602 // IVD: e2f9bfc0-39ab-11e9-b0d8-000c29342cb1

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2f9bfc0-39ab-11e9-b0d8-000c29342cb1 // CNVD: CNVD-2018-18602

AFFECTED PRODUCTS

vendor:selincmodel:acselerator architectscope:lteversion:2.2.24.0

Trust: 1.0

vendor:schweitzer engineering laboratoriesmodel:acselerator architectscope:lteversion:2.2.24.0

Trust: 0.8

vendor:schweitzer engineering laboratoriesmodel:acselerator architectscope:lteversion:<=2.2.24.0

Trust: 0.6

vendor:selincmodel:acselerator architectscope:eqversion:2.2.24.0

Trust: 0.6

vendor:acselerator architectmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: e2f9bfc0-39ab-11e9-b0d8-000c29342cb1 // CNVD: CNVD-2018-18602 // JVNDB: JVNDB-2018-008485 // CNNVD: CNNVD-201807-1818 // NVD: CVE-2018-10600

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-10600
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-10600
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-18602
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201807-1818
value: CRITICAL

Trust: 0.6

IVD: e2f9bfc0-39ab-11e9-b0d8-000c29342cb1
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2018-10600
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-18602
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f9bfc0-39ab-11e9-b0d8-000c29342cb1
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-10600
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2f9bfc0-39ab-11e9-b0d8-000c29342cb1 // CNVD: CNVD-2018-18602 // JVNDB: JVNDB-2018-008485 // CNNVD: CNNVD-201807-1818 // NVD: CVE-2018-10600

PROBLEMTYPE DATA

problemtype:CWE-611

Trust: 1.8

sources: JVNDB: JVNDB-2018-008485 // NVD: CVE-2018-10600

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1818

TYPE

Code problem

Trust: 0.8

sources: IVD: e2f9bfc0-39ab-11e9-b0d8-000c29342cb1 // CNNVD: CNNVD-201807-1818

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008485

PATCH
title:SEL-5032 ACSELERATOR Architect Softwareurl:https://selinc.com/products/5032/#tab-downloads
Trust: 0.8
title:Patch for SEL AcSELerator Architect XML Injection Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/139997
Trust: 0.6
title:SEL AcSELerator Architect Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82599
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-18602 // 
            
            
            
            JVNDB: JVNDB-2018-008485 // 
            
            
            
            CNNVD: CNNVD-201807-1818

EXTERNAL IDS
db:NVDid:CVE-2018-10600
Trust: 3.2
db:ICS CERTid:ICSA-18-191-02
Trust: 3.0
db:CNVDid:CNVD-2018-18602
Trust: 0.8
db:CNNVDid:CNNVD-201807-1818
Trust: 0.8
db:JVNDBid:JVNDB-2018-008485
Trust: 0.8
db:IVDid:E2F9BFC0-39AB-11E9-B0D8-000C29342CB1
Trust: 0.2
sources:
            
            
            IVD: e2f9bfc0-39ab-11e9-b0d8-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-18602 // 
            
            
            
            JVNDB: JVNDB-2018-008485 // 
            
            
            
            CNNVD: CNNVD-201807-1818 // 
            
            
            
            NVD: CVE-2018-10600

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-191-02
Trust: 3.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10600
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-10600
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-18602 // 
            
            
            
            JVNDB: JVNDB-2018-008485 // 
            
            
            
            CNNVD: CNNVD-201807-1818 // 
            
            
            
            NVD: CVE-2018-10600

SOURCES
db:IVDid:e2f9bfc0-39ab-11e9-b0d8-000c29342cb1
db:CNVDid:CNVD-2018-18602
db:JVNDBid:JVNDB-2018-008485
db:CNNVDid:CNNVD-201807-1818
db:NVDid:CVE-2018-10600

LAST UPDATE DATE
2024-11-23T22:06:45.897000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-18602date:2018-09-12T00:00:00
db:JVNDBid:JVNDB-2018-008485date:2018-10-19T00:00:00
db:CNNVDid:CNNVD-201807-1818date:2019-10-17T00:00:00
db:NVDid:CVE-2018-10600date:2024-11-21T03:41:38.390

SOURCES RELEASE DATE
db:IVDid:e2f9bfc0-39ab-11e9-b0d8-000c29342cb1date:2018-09-12T00:00:00
db:CNVDid:CNVD-2018-18602date:2018-09-12T00:00:00
db:JVNDBid:JVNDB-2018-008485date:2018-10-19T00:00:00
db:CNNVDid:CNNVD-201807-1818date:2018-07-25T00:00:00
db:NVDid:CVE-2018-10600date:2018-07-24T13:29:00.307