CVE-2023-31167 MEDIUM

CVE-2023-31167: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Vendor Schweitzer Engineering Laboratories
Product SEL-5036 acSELerator Bay Screen Builder Software
Weakness CWE-22 · Path traversal
Published August 31, 2023
Last update September 27, 2024

CVSS base score

5.0/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Schweitzer Engineering Laboratories SEL-5036 acSELerator Bay Screen Builder Software on Windows allows Relative Path Traversal. SEL acSELerator Bay Screen Builder software is distributed by SEL-5033 SEL acSELerator RTAC, SEL-5030 Quickset, and SEL Compass. CVE-2023-31167 and was patched in the acSELerator Bay Screen Builder release available on 20230602. Please contact SEL for additional details. This issue affects SEL-5036 acSELerator Bay Screen Builder Software: before 1.0.49152.778.

Key dates

02Disclosure timeline

August 31, 2023 CVE published
September 27, 2024 Record updated