ID

VAR-201304-0147


CVE

CVE-2013-0687


TITLE

MiCOM S1 Studio Access Security Bypass Vulnerability

Trust: 0.8

sources: IVD: fae90a4a-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-03019

DESCRIPTION

The installer routine in Schneider Electric MiCOM S1 Studio uses world-writable permissions for executable files, which allows local users to modify the service or the configuration files, and consequently gain privileges or trigger incorrect protective-relay operation, via a Trojan horse executable file. MiCOM S1 Studio Software is software that allows the user to modify or manage the parameters of the generator protection unit. MiCOM S1 Studio Software does not restrict user access to installed executables. Malicious users who can access the local system can replace files in the MiCOM S1 Studio Program Files directory with malicious files. When the MiCOM S1 Studio application is executed, the malicious programs that replaced the original files are run. MiCOM S1 Studio is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. The software provides users with easy-to-operate and powerful management and debugging functions. Its interface is more intuitive, its functions are more powerful, and it is more convenient to use.

Trust: 2.7

sources: NVD: CVE-2013-0687 // JVNDB: JVNDB-2013-002406 // CNVD: CNVD-2013-03019 // BID: 59019 // IVD: fae90a4a-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-60689

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: fae90a4a-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-03019

AFFECTED PRODUCTS

vendor: schneider electric, model: micom s1 studio, scope: eq, version: -

Trust: 1.6

vendor: schneider electric, model: micom s1 studio, scope: -, version: -

Trust: 0.8

vendor: schneider, model: electric micom s1 studio software, scope: -, version: -

Trust: 0.6

vendor: micom s1 studio, model: -, scope: eq, version: -

Trust: 0.2

sources: IVD: fae90a4a-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-03019 // JVNDB: JVNDB-2013-002406 // CNNVD: CNNVD-201304-169 // NVD: CVE-2013-0687

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-0687
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-0687
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-03019
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201304-169
value: MEDIUM

Trust: 0.6

IVD: fae90a4a-2352-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-60689
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-0687
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:M/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.7
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-03019
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:M/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.7
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: fae90a4a-2352-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:M/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.7
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-60689
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:M/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.7
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: fae90a4a-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-03019 // VULHUB: VHN-60689 // JVNDB: JVNDB-2013-002406 // CNNVD: CNNVD-201304-169 // NVD: CVE-2013-0687

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-60689 // JVNDB: JVNDB-2013-002406 // NVD: CVE-2013-0687

THREAT TYPE

local

Trust: 0.9

sources: BID: 59019 // CNNVD: CNNVD-201304-169

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201304-169

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002406

PATCH

title: Cybersecurity Vulnerability Disclosure, url: http://download.schneider-electric.com/files?p_File_Id=56543584&p_File_Name=SEVD-2013-087-01-MiCOM-S1-Studio-SW.pdf

Trust: 0.8

title: Top Page, url: http://www.schneider-electric.com/site/home/index.cfm/uk/

Trust: 0.8

title: Support, url: http://www.schneider-electric.co.jp/sites/japan/jp/support/contact/we-care.page

Trust: 0.8

title: Top Page, url: http://www.schneider-electric.com/site/home/index.cfm/jp/

Trust: 0.8

sources: JVNDB: JVNDB-2013-002406

EXTERNAL IDS

db: NVD, id: CVE-2013-0687

Trust: 3.6

db: ICS CERT, id: ICSA-13-100-01

Trust: 3.1

db: SCHNEIDER, id: SEVD-2013-087-01

Trust: 1.7

db: BID, id: 59019

Trust: 1.6

db: CNNVD, id: CNNVD-201304-169

Trust: 0.9

db: CNVD, id: CNVD-2013-03019

Trust: 0.8

db: JVNDB, id: JVNDB-2013-002406

Trust: 0.8

db: IVD, id: FAE90A4A-2352-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB, id: VHN-60689

Trust: 0.1

sources: IVD: fae90a4a-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-03019 // VULHUB: VHN-60689 // BID: 59019 // JVNDB: JVNDB-2013-002406 // CNNVD: CNNVD-201304-169 // NVD: CVE-2013-0687

REFERENCES

url: http://ics-cert.us-cert.gov/pdf/icsa-13-100-01.pdf

Trust: 3.1

url: http://download.schneider-electric.com/files?p_file_id=56543584&p_file_name=sevd-2013-087-01-micom-s1-studio-sw.pdf

Trust: 1.6

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0687

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0687

Trust: 0.8

url: http://www.securityfocus.com/bid/59019

Trust: 0.6

url: http://download.schneider-electric.com/files?p_file_id=56543584&p_file_name=sevd-2013-087-01-micom-s1-studio-sw.pdf

Trust: 0.1

sources: CNVD: CNVD-2013-03019 // VULHUB: VHN-60689 // JVNDB: JVNDB-2013-002406 // CNNVD: CNNVD-201304-169 // NVD: CVE-2013-0687

CREDITS

Michael Toecker of Digital Bond

Trust: 0.9

sources: BID: 59019 // CNNVD: CNNVD-201304-169

SOURCES

db: IVD, id: fae90a4a-2352-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2013-03019
db: VULHUB, id: VHN-60689
db: BID, id: 59019
db: JVNDB, id: JVNDB-2013-002406
db: CNNVD, id: CNNVD-201304-169
db: NVD, id: CVE-2013-0687

LAST UPDATE DATE

2025-04-11T22:59:11.778000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-03019, date: 2013-05-28T00:00:00
db: VULHUB, id: VHN-60689, date: 2013-04-18T00:00:00
db: BID, id: 59019, date: 2013-04-10T00:00:00
db: JVNDB, id: JVNDB-2013-002406, date: 2013-04-22T00:00:00
db: CNNVD, id: CNNVD-201304-169, date: 2013-04-22T00:00:00
db: NVD, id: CVE-2013-0687, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: IVD, id: fae90a4a-2352-11e6-abef-000c29c66e3d, date: 2013-04-15T00:00:00
db: CNVD, id: CNVD-2013-03019, date: 2013-04-15T00:00:00
db: VULHUB, id: VHN-60689, date: 2013-04-18T00:00:00
db: BID, id: 59019, date: 2013-04-10T00:00:00
db: JVNDB, id: JVNDB-2013-002406, date: 2013-04-22T00:00:00
db: CNNVD, id: CNNVD-201304-169, date: 2013-04-12T00:00:00
db: NVD, id: CVE-2013-0687, date: 2013-04-18T02:25:37.237