CVE-2018-10604 - OpenCVE

SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Selinc	Sel Compass

Configuration 1 [-]

cpe:2.3:a:selinc:sel_compass:*:*:*:*:*:*:*:*

References

Link	Resource
https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2018-07-10T00:00:00

Updated: 2018-07-24T12:57:01

Reserved: 2018-05-01T00:00:00

Link: CVE-2018-10604

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-07-24T13:29:00.353

Modified: 2020-08-31T16:09:22.273

Link: CVE-2018-10604

JSON object: View

Redhat Information

No data.

CWE

CWE-276

{"containers": {"cna": {"affected": [{"product": "Compass", "vendor": "Schweitzer Engineering Laboratories, Inc.", "versions": [{"status": "affected", "version": "3.0.5.1 and prior"}]}], "datePublic": "2018-07-10T00:00:00", "descriptions": [{"lang": "en", "value": "SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "INCORRECT DEFAULT PERMISSIONS CWE-276", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-07-24T12:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-07-10T00:00:00", "ID": "CVE-2018-10604", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Compass", "version": {"version_data": [{"version_value": "3.0.5.1 and prior"}]}}]}, "vendor_name": "Schweitzer Engineering Laboratories, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "INCORRECT DEFAULT PERMISSIONS CWE-276"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-10604", "datePublished": "2018-07-10T00:00:00", "dateReserved": "2018-05-01T00:00:00", "dateUpdated": "2018-07-24T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:selinc:sel_compass:*:*:*:*:*:*:*:*", "matchCriteriaId": "591FA579-C856-441E-A803-D4ACA222202C", "versionEndIncluding": "3.0.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution."}, {"lang": "es", "value": "SEL Compass, en versiones 3.0.5.1 y anteriores, otorga a todos los usuarios acceso total al directorio SEL Compass, lo que podr\u00eda permitir la modificaci\u00f3n o sobrescritura de archivos en la carpeta de instalaci\u00f3n de Compass. Esto podr\u00eda resultar en un escalado de privilegios y/o en la ejecuci\u00f3n de c\u00f3digo malicioso."}], "id": "CVE-2018-10604", "lastModified": "2020-08-31T16:09:22.273", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-24T13:29:00.353", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-276"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}