CVE-2013-0687 — MEDIUM (6.6)

Vulnerability Description

The installer routine in Schneider Electric MiCOM S1 Studio uses world-writable permissions for executable files, which allows local users to modify the service or the configuration files, and consequently gain privileges or trigger incorrect protective-relay operation, via a Trojan horse executable file.

CVSS Score

6.6

MEDIUM

AV:L/AC:M/Au:S/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Schneider-Electric	Micom S1 Studio	-

Related Weaknesses (CWE)

CWE-264

References

http://download.schneider-electric.com/files?p_File_Id=56543584&p_File_Name=SEVDVendor Advisory
http://ics-cert.us-cert.gov/pdf/ICSA-13-100-01.pdfUS Government Resource
http://download.schneider-electric.com/files?p_File_Id=56543584&p_File_Name=SEVDVendor Advisory
http://ics-cert.us-cert.gov/pdf/ICSA-13-100-01.pdfUS Government Resource

FAQ

What is CVE-2013-0687?

CVE-2013-0687 is a vulnerability with a CVSS score of 6.6 (MEDIUM). The installer routine in Schneider Electric MiCOM S1 Studio uses world-writable permissions for executable files, which allows local users to modify the service or the configuration files, and consequ...

How severe is CVE-2013-0687?

CVE-2013-0687 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-0687?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Micom S1 Studio.