CVE-2018-10600

Summary

SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution (in certain situations on specific platforms), and denial of service attacks.

Affected Software

VendorProductVersion RangeStatus
Schweitzer Engineering Laboratories, Inc.AcSELerator Architect2.2.24.0 and prioraffected

Weaknesses

  • CWE-611: IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE ('XXE') CWE-611

ADP Enrichment

CVE Program Container

Additional References

References