Lucene search

SELCVELIST:CVE-2023-34391

HistoryAug 31, 2023 - 3:31 p.m.

CVE-2023-34391 Insecure Inherited Permissions

2023-08-3115:31:45

CWE-277

SEL

www.cve.org

schweitzer engineering laboratories

sel-5033 acselerator rtac software

insecure inherited permissions

windows

leveraging/manipulating

configuration file

instruction manual

CVSS3

7.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L

EPSS

Percentile

9.0%

JSON

Insecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths.

See Instruction Manual Appendix A [Cybersecurity] tag dated 20230522 for more details.

This issue affects SEL-5033 AcSELerator RTAC Software: before 1.35.151.21000.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "SEL-5033 AcSELerator RTAC Software",
    "vendor": "Schweitzer Engineering Laboratories",
    "versions": [
      {
        "lessThan": "1.35.151.21000",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

dragos.com

selinc.com/support/security-notifications/external-reports/

CVSS3

7.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2023-34391