Lucene search

SELVULNRICHMENT:CVE-2023-31167

HistoryAug 31, 2023 - 3:29 p.m.

CVE-2023-31167 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

2023-08-3115:29:11

CWE-22

SEL

github.com

cve-2023-31167

schweitzer engineering laboratories

windows

path traversal

sel-5036

software vulnerability

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

AI Score

6.9

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Schweitzer Engineering Laboratories SEL-5036 acSELerator Bay Screen Builder Software on Windows allows Relative Path Traversal.

SEL acSELerator Bay Screen Builder software is distributed by SEL-5033 SEL acSELerator RTAC, SEL-5030 Quickset, and SEL Compass. CVE-2023-31167 and was patched in the acSELerator Bay Screen Builder release available on 20230602. Please contact SEL for additional details.

This issue affects SEL-5036 acSELerator Bay Screen Builder Software: before 1.0.49152.778.

References

dragos.com

selinc.com/support/security-notifications/external-reports/

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

AI Score

6.9

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2023-31167