Schneider Electric MiCOM S1 Studio Improper Authorization Vulnerability

Low RiskICS-CERT ICSA-13-100-01Jan 12, 2013

Schneider ElectricEnergy

Summary

MiCOM S1 Studio contains improper authorization controls that allow an attacker with local or network access to the engineering workstation to bypass authentication and directly access protection relay configuration files. The vulnerability (CWE-284) affects all versions of the software. An attacker exploiting this flaw could modify relay protection settings, alter trip thresholds, disable alarms, or prevent proper equipment protection. Schneider Electric has not released a patch; the product is legacy software and no fix is planned.

What this means

What could happen

An attacker with local access to an engineering workstation could bypass authorization controls and modify configuration files for MiCOM S1 protection devices, potentially altering relay settings and disabling protections that safeguard power distribution equipment.

Who's at risk

Electric utilities and power distribution operators who use Schneider Electric MiCOM S1 Studio to configure and manage protection relays in substations and distribution networks. This affects any organization relying on MiCOM S1 relays for protection of transformers, feeders, generators, and bus systems.

How it could be exploited

An attacker with physical or local network access to a computer running MiCOM S1 Studio can exploit improper authorization checks to access and modify configuration files without proper credentials. These files control protection relay behavior, including trip settings and alarm thresholds.

Prerequisites

Local or adjacent network access to a machine running MiCOM S1 Studio
No valid engineering credentials required
MiCOM S1 Studio software installed and running

No fix available from vendor (end-of-life product)Local/adjacent network access requiredCan disable safety-critical protection relaysAuthorization bypass vulnerability

Exploitability

Unlikely to be exploited — EPSS score 0.0%

Affected products (1)

ProductAffected VersionsFix Status

MiCOM S1 Studio Software: vers:all/*All versionsNo fix (EOL)

Remediation & Mitigation

0/5

Do now

0/2

HARDENINGRestrict physical and network access to engineering workstations running MiCOM S1 Studio; limit access to authorized personnel only

HARDENINGImplement strict access controls and user account management on computers running MiCOM S1 Studio

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGStore MiCOM S1 configuration files in protected directories with file-level permissions; restrict read/write access to authorized users

HARDENINGMonitor configuration file changes and access logs for unauthorized modifications

Mitigations - no patch available

0/1

MiCOM S1 Studio Software: vers:all/* has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGConsider segmenting engineering workstations from general office networks

CVEs (1)

CVE-2013-0687

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/252403c3-0355-45fe-85e1-fde2a4ab60e0

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.