VAR-201304-0147
Vulnerability from variot - Updated: 2023-12-18 13:53The installer routine in Schneider Electric MiCOM S1 Studio uses world-writable permissions for executable files, which allows local users to modify the service or the configuration files, and consequently gain privileges or trigger incorrect protective-relay operation, via a Trojan horse executable file. MiCOM S1 Studio Software is a parameter that allows the user to modify or manage the generator protection unit. MiCOM S1 Studio Software does not restrict user access to installed executables. Malicious users who can access the local system can replace malicious files in the MiCOM S1 Studio Program Files directory. When the MiCOM S1 Studio application is executed, malicious programs are randomly replaced. run. MiCOM S1 Studio is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. It provides users with easy-to-operate and powerful management and debugging functions. The interface is more intuitive, the function is more powerful, and it is more convenient to use
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201304-0147",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "micom s1 studio",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "micom s1 studio",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric micom s1 studio software",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "micom s1 studio",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "fae90a4a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-03019"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002406"
},
{
"db": "NVD",
"id": "CVE-2013-0687"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-169"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:micom_s1_studio:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0687"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael Toecker of Digital Bond",
"sources": [
{
"db": "BID",
"id": "59019"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-169"
}
],
"trust": 0.9
},
"cve": "CVE-2013-0687",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 2.7,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.6,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2013-0687",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 2.7,
"id": "CNVD-2013-03019",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 2.7,
"id": "fae90a4a-2352-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 2.7,
"id": "VHN-60689",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-0687",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-03019",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201304-169",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "fae90a4a-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-60689",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "fae90a4a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-03019"
},
{
"db": "VULHUB",
"id": "VHN-60689"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002406"
},
{
"db": "NVD",
"id": "CVE-2013-0687"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-169"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The installer routine in Schneider Electric MiCOM S1 Studio uses world-writable permissions for executable files, which allows local users to modify the service or the configuration files, and consequently gain privileges or trigger incorrect protective-relay operation, via a Trojan horse executable file. MiCOM S1 Studio Software is a parameter that allows the user to modify or manage the generator protection unit. MiCOM S1 Studio Software does not restrict user access to installed executables. Malicious users who can access the local system can replace malicious files in the MiCOM S1 Studio Program Files directory. When the MiCOM S1 Studio application is executed, malicious programs are randomly replaced. run. MiCOM S1 Studio is prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. It provides users with easy-to-operate and powerful management and debugging functions. The interface is more intuitive, the function is more powerful, and it is more convenient to use",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0687"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002406"
},
{
"db": "CNVD",
"id": "CNVD-2013-03019"
},
{
"db": "BID",
"id": "59019"
},
{
"db": "IVD",
"id": "fae90a4a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-60689"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-0687",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-13-100-01",
"trust": 3.1
},
{
"db": "SCHNEIDER",
"id": "SEVD-2013-087-01",
"trust": 1.7
},
{
"db": "BID",
"id": "59019",
"trust": 1.6
},
{
"db": "CNNVD",
"id": "CNNVD-201304-169",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2013-03019",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002406",
"trust": 0.8
},
{
"db": "IVD",
"id": "FAE90A4A-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-60689",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "fae90a4a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-03019"
},
{
"db": "VULHUB",
"id": "VHN-60689"
},
{
"db": "BID",
"id": "59019"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002406"
},
{
"db": "NVD",
"id": "CVE-2013-0687"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-169"
}
]
},
"id": "VAR-201304-0147",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "fae90a4a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-03019"
},
{
"db": "VULHUB",
"id": "VHN-60689"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "fae90a4a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-03019"
}
]
},
"last_update_date": "2023-12-18T13:53:29.583000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cybersecurity Vulnerability Disclosure",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_file_id=56543584\u0026p_file_name=sevd-2013-087-01-micom-s1-studio-sw.pdf"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.schneider-electric.com/site/home/index.cfm/uk/"
},
{
"title": "\u30b5\u30dd\u30fc\u30c8",
"trust": 0.8,
"url": "http://www.schneider-electric.co.jp/sites/japan/jp/support/contact/we-care.page"
},
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://www.schneider-electric.com/site/home/index.cfm/jp/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002406"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-60689"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002406"
},
{
"db": "NVD",
"id": "CVE-2013-0687"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://ics-cert.us-cert.gov/pdf/icsa-13-100-01.pdf"
},
{
"trust": 1.6,
"url": "http://download.schneider-electric.com/files?p_file_id=56543584\u0026p_file_name=sevd-2013-087-01-micom-s1-studio-sw.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0687"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0687"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/59019"
},
{
"trust": 0.1,
"url": "http://download.schneider-electric.com/files?p_file_id=56543584\u0026amp;p_file_name=sevd-2013-087-01-micom-s1-studio-sw.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-03019"
},
{
"db": "VULHUB",
"id": "VHN-60689"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002406"
},
{
"db": "NVD",
"id": "CVE-2013-0687"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-169"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "fae90a4a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-03019"
},
{
"db": "VULHUB",
"id": "VHN-60689"
},
{
"db": "BID",
"id": "59019"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002406"
},
{
"db": "NVD",
"id": "CVE-2013-0687"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-169"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-15T00:00:00",
"db": "IVD",
"id": "fae90a4a-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2013-04-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-03019"
},
{
"date": "2013-04-18T00:00:00",
"db": "VULHUB",
"id": "VHN-60689"
},
{
"date": "2013-04-10T00:00:00",
"db": "BID",
"id": "59019"
},
{
"date": "2013-04-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002406"
},
{
"date": "2013-04-18T02:25:37.237000",
"db": "NVD",
"id": "CVE-2013-0687"
},
{
"date": "2013-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-169"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-03019"
},
{
"date": "2013-04-18T00:00:00",
"db": "VULHUB",
"id": "VHN-60689"
},
{
"date": "2013-04-10T00:00:00",
"db": "BID",
"id": "59019"
},
{
"date": "2013-04-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002406"
},
{
"date": "2013-04-18T04:00:00",
"db": "NVD",
"id": "CVE-2013-0687"
},
{
"date": "2013-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-169"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "59019"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-169"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MiCOM S1 Studio Access Security Bypass Vulnerability",
"sources": [
{
"db": "IVD",
"id": "fae90a4a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-03019"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-169"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…