Schneider Electric has mitigation details for an improper authorization vulnerability affecting its MiCOM S1 Studio Software, according to a report on ICS-CERT.
The vulnerability, discovered by independent researcher Michael Toecker of Digital Bond using the Microsoft Attack Surface Analyzer tool, ended up disclosed to vendors prior to the 2013 Digital Bond S4 Conference and then presented at the conference.
The function of MiCOM S1 Studio Software is to allow users to modify or manage the configuration parameters of electronic protective relays.
All versions of the MiCOM S1 Studio Software suffers from the issue.
Successful exploitation of this vulnerability may allow an attacker with read/modify user permissions for the MiCOM S1 Studio file system to affect the availability of the application. Unauthorized attackers can then access the MiCOM S1 Studio executable files. This vulnerability can affect products deployed in the energy, water and wastewater, and critical manufacturing sectors.
Schneider Electric is a Europe-based company that maintains offices in 190 countries worldwide. Their products address various markets including renewable energy, process control, monitoring and control, motor controls, lighting controls, electrical distribution, and security systems.
MiCOM S1 Studio Software allows users to modify or manage the configuration parameters of electronic protective relays.
According to Schneider Electric, MiCOM S1 Studio Software sees use across several sectors including energy, water and wastewater, and critical manufacturing.
The MiCOM S1 Studio Software does not limit user access to its installed executables to only authenticated administrative users. A malicious user with any level of access to the local system could replace executables within the MiCOM S1 Studio Program Files directory with malicious files. When the MiCOM S1 Studio application runs, the malicious executable would run instead. Successful exploitation of this vulnerability could cause loss of availability, integrity, and confidentiality with the local system and a disruption in communications with other connected devices.
In addition, a Windows Service running under LocalSystem is within this directory as well. Replacing the associated executable, in this case, would allow lower privileged users to escalate their privileges to an administrator level on the system.
CVE-2013-0687 is the number assigned to this vulnerability, which has a CVSS v2 base score of 6.0.
This vulnerability is not exploitable remotely and cannot suffer exploitation without access to the local system by an authorized user.
No known public exploits specifically target this vulnerability. An attacker with a high skill would be able to exploit this vulnerability.
Schneider Electric produced a vulnerability disclosure to address the MiCOM S1 Studio Software hole and provide mitigation strategies.