CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-10608 – SEL AcSELerator Architect 2.2.24 - CPU Exhaustion Denial of Service
https://notcve.org/view.php?id=CVE-2018-10608
24 Jul 2018 — SEL AcSELerator Architect version 2.2.24.0 and prior can be exploited when the AcSELerator Architect FTP client connects to a malicious FTP server, which may cause denial of service via 100% CPU utilization. Restart of the application is required. SEL AcSELerator Architect, en versiones 2.2.24.0 y anteriores, puede explotarse cuando el cliente FTP de AcSELerator Architect se conecta a un servidor FTP malicioso, lo que podría provocar una denegación de servicio (DoS) mediante el uso al 100% de la CPU. Se req... • https://packetstorm.news/files/id/152951 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-10604
https://notcve.org/view.php?id=CVE-2018-10604
24 Jul 2018 — SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution. SEL Compass, en versiones 3.0.5.1 y anteriores, otorga a todos los usuarios acceso total al directorio SEL Compass, lo que podría permitir la modificación o sobrescritura de archivos en la carpeta de instalación de Compass. Esto podría resultar en un e... • https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02 • CWE-276: Incorrect Default Permissions •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-10600
https://notcve.org/view.php?id=CVE-2018-10600
24 Jul 2018 — SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution (in certain situations on specific platforms), and denial of service attacks. SEL AcSELerator Architect, en versiones 2.2.24.0 y anteriores, permite que las entradas no saneadas se pasen al analizador XML. Esto podría permitir la divulgación y recuperación de datos arbitrarios, la ejecución de código arbitrario (en ... • https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0CVE-2017-7928
https://notcve.org/view.php?id=CVE-2017-7928
07 Aug 2017 — An Improper Access Control issue was discovered in Schweitzer Engineering Laboratories (SEL) SEL-3620 and SEL-3622 Security Gateway Versions R202 and, R203, R203-V1, R203-V2 and, R204, R204-V1. The device does not properly enforce access control while configured for NAT port forwarding, which may allow for unauthorized communications to downstream devices. Se ha descubierto un problema de control de acceso incorrecto en Schweitzer Engineering Laboratories (SEL) SEL-3620 y SEL-3622 Security Gateway Versiones... • http://www.securityfocus.com/bid/99536 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2013-2792
https://notcve.org/view.php?id=CVE-2013-2792
09 Aug 2013 — Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet. Los dispositivos maestro Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, y SEL-3530 RTAC permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de un paquete DNP3 manipulado. • http://ics-cert.us-cert.gov/advisories/ICSA-13-219-01 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2013-2798
https://notcve.org/view.php?id=CVE-2013-2798
09 Aug 2013 — Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line. Los dispositivos maestro Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, y SEL-3530 RTAC permite a atacantes con acceso físico provocar una denegación de servicio (bucle infinito) a través de una entrada por línea serie manipulada. • http://ics-cert.us-cert.gov/advisories/ICSA-13-219-01 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2013-0665
https://notcve.org/view.php?id=CVE-2013-0665
21 Mar 2013 — Schweitzer Engineering Laboratories (SEL) AcSELerator QuickSet before 5.12.0.1 uses weak permissions for its Program Files directory, which allows local users to replace executable files, and consequently gain privileges, via standard filesystem operations. Schweitzer Engineering Laboratories (SEL) AcSELerator QuickSet anterior a 5.12.0.1 utiliza permisos débiles para el directorio Program Files, que permite a usuarios locales para reemplazar los archivos ejecutables, y en consecuencia obtener privilegios, ... • http://ics-cert.us-cert.gov/pdf/ICSA-13-079-01.pdf • CWE-264: Permissions, Privileges, and Access Controls •