Schweitzer Fixes Multiple Holes

Tuesday, July 10, 2018 @ 05:07 PM gHale

Schweitzer Engineering Laboratories, Inc. (SEL) released an upgrade to mitigate incorrect default permissions, XXE, and resource exhaustion vulnerabilities in its Compass and AcSELerator Architect, according to a report with NCCIC.

Successful exploitation of these vulnerabilities could allow modification/replacement of files within the Compass installation directory, disclosure of information, or denial of service.

RELATED STORIES
Rockwell Working on Stratix 5950 Fix
Mitigations for Siemens Industrial Plant Clocks
Medtronic Updates for MyCareLink Monitor Holes
Medtronic Updates Carelink Fix

The following products from SEL suffer from the remotely exploitable vulnerability. However, not all products are affected by all vulnerabilities, discovered by Gjoko Krstic of Applied Risk.
• Compass Version 3.0.5.1 and prior
• AcSELerator Architect Version 2.2.24.0 and prior (ICD package Version 2.38.0)

In one vulnerability, incorrect default permissions allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution.

CVE-2018-10604 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.2.

In addition, there is an XXE vulnerability allows unsanitized input to be passed to the AcSELerator Architect XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution (in certain situations on specific platforms), and denial of service attacks. 

CVE-2018-10600 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.2.

Also, a resource exhaustion vulnerability can be exploited when the AcSELerator Architect FTP client connects to a malicious FTP server, which may cause denial of service via 100% CPU utilization. Restart of the application is required. 

CVE-2018-10608 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.5.

The products see use mainly in the energy sector and on a global basis. An attacker with low skill level could leverage the vulnerabilities. In addition, public exploits are available.

SEL recommends affected users upgrade to latest release:
• SEL Compass v3.0.6.1 or later
• SEL AcSELerator v2.2.29.0 (ICD 2.44.0) or later
• Contact SEL Support for specific instructions and downloads.



Leave a Reply

You must be logged in to post a comment.