OTPulse

Schweitzer Engineering Laboratories AcSELerator Improper Authorization Vulnerability

Low Risk · ICS-CERT ICSA-13-079-01 · Dec 22, 2013
Summary

SEL AcSELerator QuickSet versions prior to 5.12.0.1 contain an improper authorization vulnerability (CWE-284) that allows unauthorized users to bypass authentication controls and access relay configuration functions. An unauthenticated attacker with network connectivity to the tool could view or modify protection relay settings without valid credentials, potentially altering critical power system protection logic.

What this means
What could happen
An unauthorized user with network access to an AcSELerator QuickSet relay configuration tool could bypass authentication controls and view or modify relay settings without proper credentials, potentially leading to incorrect protection logic or disconnection of power systems.
Who's at risk
Electric utilities and power distribution operators using Schweitzer Engineering AcSELerator QuickSet relay configuration tools should be concerned. This tool is used to configure and manage protective relays that control transmission and distribution equipment. Any unauthorized modification of relay settings could disrupt power delivery or disable critical protection functions.
How it could be exploited
An attacker on the network connects to an AcSELerator QuickSet instance and exploits the improper authorization check to gain access to relay configuration interfaces without providing valid credentials, allowing direct modification of protection parameters.
Prerequisites
  • Network access to AcSELerator QuickSet service port
  • AcSELerator QuickSet version prior to 5.12.0.1
  • No valid user credentials required
remotely exploitable · no authentication required · low complexity · affects safety systems · no patch available
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
SEL AcSELerator QuickSet: <5.12.0.1 | <5.12.0.1 | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Implement strict network access controls and firewall rules to limit access to AcSELerator QuickSet to authorized engineering workstations only
HARDENING: Restrict access to relay configuration tools to isolated engineering networks with multi-factor authentication or VPN requirements
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Monitor network traffic to and from AcSELerator QuickSet instances for unauthorized access attempts