{"api_version":"1","generated_at":"2026-05-08T17:10:58+00:00","cve":"CVE-2018-10600","urls":{"html":"https://cve.report/CVE-2018-10600","api":"https://cve.report/api/cve/CVE-2018-10600.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-10600","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-10600"},"summary":{"title":"CVE-2018-10600","description":"SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution (in certain situations on specific platforms), and denial of service attacks.","state":"PUBLIC","assigner":"ics-cert@hq.dhs.gov","published_at":"2018-07-24 13:29:00","updated_at":"2019-10-09 23:32:00"},"problem_types":["CWE-611"],"metrics":[],"references":[{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02","name":"https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02","refsource":"MISC","tags":["Third Party Advisory","US Government Resource"],"title":"Schweitzer Engineering Laboratories, Inc. Compass and AcSELerator Architect | CISA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-10600","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10600","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"10600","vulnerable":"1","versionEndIncluding":"2.2.24.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"selinc","cpe5":"acselerator_architect","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","DATE_PUBLIC":"2018-07-10T00:00:00","ID":"CVE-2018-10600","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"AcSELerator Architect","version":{"version_data":[{"version_value":"2.2.24.0 and prior"}]}}]},"vendor_name":"Schweitzer Engineering Laboratories, Inc."}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution (in certain situations on specific platforms), and denial of service attacks."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE ('XXE') CWE-611"}]}]},"references":{"reference_data":[{"name":"https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02","refsource":"MISC","url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02"}]}},"nvd":{"publishedDate":"2018-07-24 13:29:00","lastModifiedDate":"2019-10-09 23:32:00","problem_types":["CWE-611"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:selinc:acselerator_architect:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.24.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"10600","Ordinal":"127041","Title":"CVE-2018-10600","CVE":"CVE-2018-10600","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"10600","Ordinal":"1","NoteData":"SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution (in certain situations on specific platforms), and denial of service attacks.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"10600","Ordinal":"2","NoteData":"2018-07-24","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"10600","Ordinal":"3","NoteData":"2018-07-24","Type":"Other","Title":"Modified"}]}}}