You are here

Schweitzer Engineering Laboratories, Inc. Compass and AcSELerator Architect (ICSA-18-191-02) – Products Used in the Energy Sector

Schweitzer Engineering Laboratories, Inc. Compass and AcSELerator Architect (ICSA-18-191-02) – Products Used in the Energy Sector

Created: Thursday, July 12, 2018 - 10:45
Categories:
Cybersecurity

The NCCIC has released an advisory on incorrect default permissions, XXE, and resource exhaustion vulnerabilities in Schweitzer Engineering Laboratories, Inc. Compass and AcSELerator Architect. Compass Version 3.0.5.1 and prior and AcSELerator Architect Version 2.2.24.0 and prior are affected. Successful exploitation of these vulnerabilities could allow modification/replacement of files within the Compass installation directory, disclosure of information, or denial of service. Schweitzer Engineering Laboratories recommends users upgrade to the latest release of both products. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT