Vulnerability CVE-2013-0665

Vulnerability CVE-2013-0665

Published: 2013-03-21

Description:

Schweitzer Engineering Laboratories (SEL) AcSELerator QuickSet before 5.12.0.1 uses weak permissions for its Program Files directory, which allows local users to replace executable files, and consequently gain privileges, via standard filesystem operations.

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

CVSS2 => (AV:L/AC:H/Au:N/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
6.2/10	10/10	1.9/10

Exploit range	Attack complexity	Authentication
Local	High	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
Selinc -> Acselerator quickset

References:

http://ics-cert.us-cert.gov/pdf/ICSA-13-079-01.pdf

Copyright 2024, cxsecurity.com