PT-2023-5229 · Schweitzer Engineering Laboratories · Acselerator Bay Screen Builder
Reid Wightman
·
Published
2023-08-31
·
Updated
2023-09-07
·
CVE-2023-31167
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Schweitzer Engineering Laboratories SEL-5036 acSELerator Bay Screen Builder Software versions prior to 1.0.49152.778
Description
The issue is related to an improper limitation of a pathname to a restricted directory, allowing relative path traversal. This can potentially enable a remote attacker to access confidential information. The software is distributed by SEL-5033 SEL acSELerator RTAC, SEL-5030 Quickset, and SEL Compass.
Recommendations
For versions prior to 1.0.49152.778, update to the acSELerator Bay Screen Builder release available on 20230602 to resolve the issue. As a temporary workaround, consider restricting access to sensitive directories and files to minimize the risk of exploitation.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Acselerator Bay Screen Builder