Sign-up

ID

VAR-201307-0319


CVE

CVE-2013-2786


TITLE

Alstom Grid MiCOM S1 Agile and Alstom Grid MiCOM S1 Studio Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2013-003330

DESCRIPTION

Alstom Grid MiCOM S1 Agile before 1.0.3 and Alstom Grid MiCOM S1 Studio use weak permissions for the MiCOM S1 %PROGRAMFILES% directory, which allows local users to gain privileges via a Trojan horse executable file. The MiCOM S1 software does not restrict user access to the installer. When the MiCOM S1 application runs, the malicious program is executed, and the successful exploitation of the vulnerability can improve the user. Permissions. Multiple Alstom Grid products are prone to a local access-bypass vulnerability. Local attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Note: An attacker can further exploit this issue to gain administrator privileges to the system

Trust: 2.61

sources: NVD: CVE-2013-2786 // JVNDB: JVNDB-2013-003330 // CNVD: CNVD-2013-08914 // BID: 60942 // IVD: 87f7b1a9-cae2-4c38-a0e8-b8e02cfb5059

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 87f7b1a9-cae2-4c38-a0e8-b8e02cfb5059 // CNVD: CNVD-2013-08914

AFFECTED PRODUCTS

vendor:alstommodel:micom s1 studioscope:eqversion: -

Trust: 1.6

vendor:alstommodel:micom s1 agilescope:lteversion:1.0.2

Trust: 1.0

vendor:alstommodel:grid micom s1 agilescope:ltversion:1.0.3

Trust: 0.8

vendor:alstommodel:grid micom s1 studioscope: - version: -

Trust: 0.8

vendor:alstommodel:grid legacy micom s1 studio softwarescope: - version: -

Trust: 0.6

vendor:alstommodel:grid micom s1 agile softwarescope: - version: -

Trust: 0.6

vendor:alstommodel:micom s1 agilescope:eqversion:1.0.2

Trust: 0.6

vendor:alstommodel:micom s1 agile softwarescope:eqversion:1.0.2

Trust: 0.3

vendor:alstommodel:legacy micom s1 studio softwarescope:eqversion:0

Trust: 0.3

vendor:alstommodel:micom s1 agile softwarescope:neversion:1.0.3

Trust: 0.3

vendor:micom s1 agilemodel: - scope:eqversion:*

Trust: 0.2

vendor:micom s1 studiomodel: - scope:eqversion: -

Trust: 0.2

sources: IVD: 87f7b1a9-cae2-4c38-a0e8-b8e02cfb5059 // CNVD: CNVD-2013-08914 // BID: 60942 // JVNDB: JVNDB-2013-003330 // CNNVD: CNNVD-201307-078 // NVD: CVE-2013-2786

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-2786
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-2786
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-08914
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201307-078
value: MEDIUM

Trust: 0.6

IVD: 87f7b1a9-cae2-4c38-a0e8-b8e02cfb5059
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2013-2786
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:M/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.7
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-08914
severity: MEDIUM
baseScore: 6.0
vectorString: AV:L/AC:H/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 87f7b1a9-cae2-4c38-a0e8-b8e02cfb5059
severity: MEDIUM
baseScore: 6.0
vectorString: AV:L/AC:H/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 87f7b1a9-cae2-4c38-a0e8-b8e02cfb5059 // CNVD: CNVD-2013-08914 // JVNDB: JVNDB-2013-003330 // CNNVD: CNNVD-201307-078 // NVD: CVE-2013-2786

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.8

sources: JVNDB: JVNDB-2013-003330 // NVD: CVE-2013-2786

THREAT TYPE

local

Trust: 0.9

sources: BID: 60942 // CNNVD: CNNVD-201307-078

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201307-078

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003330

PATCH
title:Top Pageurl:http://www.alstom.com/grid/
Trust: 0.8
title:Alstom Grid multiple products local access bypass vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/34993
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-08914 // 
            
            
            
            JVNDB: JVNDB-2013-003330

EXTERNAL IDS
db:NVDid:CVE-2013-2786
Trust: 3.5
db:ICS CERTid:ICSA-13-184-01
Trust: 3.3
db:BIDid:60942
Trust: 1.5
db:CNVDid:CNVD-2013-08914
Trust: 0.8
db:CNNVDid:CNNVD-201307-078
Trust: 0.8
db:JVNDBid:JVNDB-2013-003330
Trust: 0.8
db:IVDid:87F7B1A9-CAE2-4C38-A0E8-B8E02CFB5059
Trust: 0.2
sources:
            
            
            IVD: 87f7b1a9-cae2-4c38-a0e8-b8e02cfb5059 // 
            
            
            
            CNVD: CNVD-2013-08914 // 
            
            
            
            BID: 60942 // 
            
            
            
            JVNDB: JVNDB-2013-003330 // 
            
            
            
            CNNVD: CNNVD-201307-078 // 
            
            
            
            NVD: CVE-2013-2786

REFERENCES
url:http://ics-cert.us-cert.gov/advisories/icsa-13-184-01
Trust: 3.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2786
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2786
Trust: 0.8
url:http://www.securityfocus.com/bid/60942
Trust: 0.6
url:http://www.alstom.com/grid/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-08914 // 
            
            
            
            BID: 60942 // 
            
            
            
            JVNDB: JVNDB-2013-003330 // 
            
            
            
            CNNVD: CNNVD-201307-078 // 
            
            
            
            NVD: CVE-2013-2786

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 60942

SOURCES
db:IVDid:87f7b1a9-cae2-4c38-a0e8-b8e02cfb5059
db:CNVDid:CNVD-2013-08914
db:BIDid:60942
db:JVNDBid:JVNDB-2013-003330
db:CNNVDid:CNNVD-201307-078
db:NVDid:CVE-2013-2786

LAST UPDATE DATE
2025-04-11T22:59:05.948000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-08914date:2013-07-08T00:00:00
db:BIDid:60942date:2013-07-03T00:00:00
db:JVNDBid:JVNDB-2013-003330date:2013-07-16T00:00:00
db:CNNVDid:CNNVD-201307-078date:2013-07-12T00:00:00
db:NVDid:CVE-2013-2786date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:IVDid:87f7b1a9-cae2-4c38-a0e8-b8e02cfb5059date:2013-07-08T00:00:00
db:CNVDid:CNVD-2013-08914date:2013-07-08T00:00:00
db:BIDid:60942date:2013-07-03T00:00:00
db:JVNDBid:JVNDB-2013-003330date:2013-07-16T00:00:00
db:CNNVDid:CNNVD-201307-078date:2013-07-12T00:00:00
db:NVDid:CVE-2013-2786date:2013-07-10T22:55:03.500