Sign-up

ID

VAR-201807-0337


CVE

CVE-2018-10604


TITLE

SEL Compass Permissions vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-008486

DESCRIPTION

SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution. SEL Compass Contains a permission vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SEL Compass is an application for managing and updating SEL products from Schweitzer Engineering Laboratories (SEL), USA. A privilege elevation vulnerability exists in SEL Compass 3.0.5.1 and earlier. The vulnerability stems from a program failing to properly set access rights

Trust: 2.34

sources: NVD: CVE-2018-10604 // JVNDB: JVNDB-2018-008486 // CNVD: CNVD-2018-18610 // IVD: e2f998b1-39ab-11e9-a7be-000c29342cb1

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2f998b1-39ab-11e9-a7be-000c29342cb1 // CNVD: CNVD-2018-18610

AFFECTED PRODUCTS

vendor:selincmodel:sel compassscope:lteversion:3.0.5.1

Trust: 1.0

vendor:schweitzer engineering laboratoriesmodel:compassscope:lteversion:3.0.5.1

Trust: 0.8

vendor:schweitzer engineering laboratoriesmodel:compassscope:lteversion:<=3.0.5.1

Trust: 0.6

vendor:selincmodel:sel compassscope:eqversion:3.0.5.1

Trust: 0.6

vendor:sel compassmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: e2f998b1-39ab-11e9-a7be-000c29342cb1 // CNVD: CNVD-2018-18610 // JVNDB: JVNDB-2018-008486 // CNNVD: CNNVD-201807-1816 // NVD: CVE-2018-10604

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-10604
value: HIGH

Trust: 1.0

NVD: CVE-2018-10604
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-18610
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201807-1816
value: HIGH

Trust: 0.6

IVD: e2f998b1-39ab-11e9-a7be-000c29342cb1
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2018-10604
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-18610
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f998b1-39ab-11e9-a7be-000c29342cb1
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-10604
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-10604
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: e2f998b1-39ab-11e9-a7be-000c29342cb1 // CNVD: CNVD-2018-18610 // JVNDB: JVNDB-2018-008486 // CNNVD: CNNVD-201807-1816 // NVD: CVE-2018-10604

PROBLEMTYPE DATA

problemtype:CWE-276

Trust: 1.0

problemtype:CWE-275

Trust: 0.8

sources: JVNDB: JVNDB-2018-008486 // NVD: CVE-2018-10604

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1816

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201807-1816

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008486

PATCH
title:SEL Compassurl:https://selinc.com/products/compass/
Trust: 0.8
title:Patch for SEL Compass Privilege Escalation Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/139987
Trust: 0.6
title:SEL Compass Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82597
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-18610 // 
            
            
            
            JVNDB: JVNDB-2018-008486 // 
            
            
            
            CNNVD: CNNVD-201807-1816

EXTERNAL IDS
db:NVDid:CVE-2018-10604
Trust: 3.2
db:ICS CERTid:ICSA-18-191-02
Trust: 3.0
db:CNVDid:CNVD-2018-18610
Trust: 0.8
db:CNNVDid:CNNVD-201807-1816
Trust: 0.8
db:JVNDBid:JVNDB-2018-008486
Trust: 0.8
db:IVDid:E2F998B1-39AB-11E9-A7BE-000C29342CB1
Trust: 0.2
sources:
            
            
            IVD: e2f998b1-39ab-11e9-a7be-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-18610 // 
            
            
            
            JVNDB: JVNDB-2018-008486 // 
            
            
            
            CNNVD: CNNVD-201807-1816 // 
            
            
            
            NVD: CVE-2018-10604

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-191-02
Trust: 3.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10604
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-10604
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-18610 // 
            
            
            
            JVNDB: JVNDB-2018-008486 // 
            
            
            
            CNNVD: CNNVD-201807-1816 // 
            
            
            
            NVD: CVE-2018-10604

SOURCES
db:IVDid:e2f998b1-39ab-11e9-a7be-000c29342cb1
db:CNVDid:CNVD-2018-18610
db:JVNDBid:JVNDB-2018-008486
db:CNNVDid:CNNVD-201807-1816
db:NVDid:CVE-2018-10604

LAST UPDATE DATE
2024-11-23T22:06:45.833000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-18610date:2018-09-12T00:00:00
db:JVNDBid:JVNDB-2018-008486date:2018-10-19T00:00:00
db:CNNVDid:CNNVD-201807-1816date:2020-10-23T00:00:00
db:NVDid:CVE-2018-10604date:2024-11-21T03:41:38.903

SOURCES RELEASE DATE
db:IVDid:e2f998b1-39ab-11e9-a7be-000c29342cb1date:2018-09-12T00:00:00
db:CNVDid:CNVD-2018-18610date:2018-09-12T00:00:00
db:JVNDBid:JVNDB-2018-008486date:2018-10-19T00:00:00
db:CNNVDid:CNNVD-201807-1816date:2018-07-25T00:00:00
db:NVDid:CVE-2018-10604date:2018-07-24T13:29:00.353