CVE-2025-46738 is a vulnerability identified in the Schweitzer Engineering Laboratories (SEL) SEL-5033 acSELerator RTAC Software. The vulnerability is classified under CWE-502, which relates to Deserialization of Untrusted Data. Specifically, an authenticated attacker with low privileges can maliciously modify layout data files located in the SEL-5033 installation directory. By tampering with these files, the attacker can trigger arbitrary code execution within the context of the application. This implies that the software improperly handles or trusts the layout data files, allowing crafted data to be deserialized or processed in a way that leads to execution of attacker-controlled code. The vulnerability requires authentication and user interaction, indicating that the attacker must have some level of access to the system and perform actions that cause the malicious data to be processed. The CVSS v3.1 base score is 6.6 (medium severity), with the vector AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L, meaning the attack requires local access, high attack complexity, low privileges, and user interaction. The impact scope is changed (S:C), affecting confidentiality (low), integrity (high), and availability (low). No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability affects version "0" of the product, which likely indicates the initial or an unspecified version. The SEL-5033 acSELerator RTAC Software is used in industrial control systems, particularly in critical infrastructure environments for automation and control of electrical grids and related systems. The ability to execute arbitrary code through modification of layout files could allow attackers to manipulate control logic, disrupt operations, or gain deeper access to the control network.

For European organizations, especially those operating critical infrastructure such as power utilities, manufacturing plants, and industrial automation, this vulnerability poses a significant risk. The SEL-5033 acSELerator RTAC Software is commonly deployed in supervisory control and data acquisition (SCADA) systems and remote terminal units (RTUs) that manage electrical grid components. Exploitation could lead to unauthorized code execution, potentially allowing attackers to alter control logic, disrupt power distribution, cause equipment malfunctions, or create unsafe operating conditions. This could result in operational downtime, safety hazards, and financial losses. Given the medium CVSS score but high impact on integrity, the threat is particularly concerning for environments where data and control integrity are paramount. The requirement for authentication and user interaction somewhat limits remote exploitation but does not eliminate risk, especially if insider threats or compromised credentials are present. The lack of known exploits suggests the vulnerability is not yet actively exploited, providing a window for mitigation. However, the critical nature of affected systems means European organizations must prioritize addressing this vulnerability to maintain operational resilience and comply with regulatory requirements for critical infrastructure protection.

1. Restrict access to the SEL-5033 installation directory and layout data files using strict file system permissions to prevent unauthorized modification. 2. Implement strong authentication mechanisms and enforce least privilege principles to limit the number of users who can access and modify layout files. 3. Monitor and audit access to layout data files and related configuration directories for unusual or unauthorized changes. 4. Employ application whitelisting and integrity verification tools to detect unauthorized modifications of critical files. 5. Segregate the network environment hosting the SEL-5033 software to limit exposure and reduce the attack surface. 6. Educate operators and administrators about the risks of this vulnerability and the importance of cautious handling of layout files. 7. Coordinate with Schweitzer Engineering Laboratories for timely patches or updates addressing this vulnerability and apply them as soon as available. 8. Consider implementing additional runtime protections such as sandboxing or behavior monitoring to detect anomalous code execution stemming from layout file tampering. 9. Develop and test incident response plans specific to ICS/SCADA environments to quickly respond to potential exploitation attempts.