{"api_version":"1","generated_at":"2026-05-08T17:10:59+00:00","cve":"CVE-2018-10604","urls":{"html":"https://cve.report/CVE-2018-10604","api":"https://cve.report/api/cve/CVE-2018-10604.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-10604","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-10604"},"summary":{"title":"CVE-2018-10604","description":"SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution.","state":"PUBLIC","assigner":"ics-cert@hq.dhs.gov","published_at":"2018-07-24 13:29:00","updated_at":"2020-08-31 16:09:00"},"problem_types":["CWE-276"],"metrics":[],"references":[{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02","name":"https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02","refsource":"MISC","tags":["Third Party Advisory","US Government Resource"],"title":"Schweitzer Engineering Laboratories, Inc. Compass and AcSELerator Architect | CISA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-10604","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10604","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"10604","vulnerable":"1","versionEndIncluding":"3.0.5.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"selinc","cpe5":"sel_compass","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","DATE_PUBLIC":"2018-07-10T00:00:00","ID":"CVE-2018-10604","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Compass","version":{"version_data":[{"version_value":"3.0.5.1 and prior"}]}}]},"vendor_name":"Schweitzer Engineering Laboratories, Inc."}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"INCORRECT DEFAULT PERMISSIONS CWE-276"}]}]},"references":{"reference_data":[{"name":"https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02","refsource":"MISC","url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02"}]}},"nvd":{"publishedDate":"2018-07-24 13:29:00","lastModifiedDate":"2020-08-31 16:09:00","problem_types":["CWE-276"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.5},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:selinc:sel_compass:*:*:*:*:*:*:*:*","versionEndIncluding":"3.0.5.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"10604","Ordinal":"127045","Title":"CVE-2018-10604","CVE":"CVE-2018-10604","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"10604","Ordinal":"1","NoteData":"SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"10604","Ordinal":"2","NoteData":"2018-07-24","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"10604","Ordinal":"3","NoteData":"2018-07-24","Type":"Other","Title":"Modified"}]}}}