Alstom created a mitigation for an improper authorization vulnerability affecting the Alstom Grid MiCOM S1 Agile and S1 Studio Software, according to a report on ICS-CERT.
Keep in mind Alstom Grid MiCOM S1 Studio Software is its own software suite. A user could have MiCOM S1 Studio Software from a different vendor. This mitigation only addresses the Alstom software product. Alstom tested the update to validate that it resolves the vulnerability.
The following Alstom Grid products suffer from the issue: MiCOM S1 Agile Software, all versions up to and including v1.0.2, and legacy MiCOM S1 Studio Software, all versions.
Successful exploitation of this vulnerability may allow an attacker with read/modify user permissions for the MiCOM S1 file system to affect the availability of the application. Unauthorized attackers can then access the MiCOM S1 executable files. This vulnerability can affect products deployed in the energy, dams, healthcare and public health, water, chemical, and commercial facilities.
Alstom Grid is a global company that maintains offices in the U.S., UK, Canada, Italy, India, Brazil, France, Russia, Saudi Arabia, United Arab Emirates and Singapore.
The affected products, Alstom Grid MiCOM S1 Agile and Studio Software, allows users to configure Alstom Grid’s range of protective relays. According to Alstom, MiCOM S1 Software deploys mainly across the energy sector.
The MiCOM S1 Software does not limit user access to its installed executables to only authenticated administrative users. A malicious user with any level of access to the local system could replace executables within the MiCOM S1 Program Files directory with malicious files. When the MiCOM S1 application runs, the malicious executable could run instead. Successful exploitation of this vulnerability could cause loss of availability, integrity, and confidentiality with the local system and a disruption in communications with other connected devices.
In addition, a Windows Service running under LocalSystem is within this directory as well. Replacing the associated executable, in this case, would allow lower privileged users to escalate their privileges to an administrator level on the system.
CVE-2013-2786 is the number assigned to this vulnerability, which has a CVSS v2 base score of 6.0.
This vulnerability is not exploitable remotely and cannot suffer exploitation without access to the local system by an authorized user. To date, no known public exploits specifically target this vulnerability. An attacker with a high skill would be able to exploit this vulnerability.
Alstom released MiCOM S1 Agile version v1.0.3 that mitigates the vulnerability by controlling which users can access MiCOM S1 Agile files and services.
A user can get the update by emailing Alstom at the Alstom Grid Contact Centre.