Alstom Grid S1 Agile Improper Authorization
Low Risk | ICS-CERT ICSA-13-184-01 | Apr 5, 2013
Summary
MiCOM S1 Agile and legacy MiCOM S1 Studio software contain an improper authorization vulnerability (CWE-284) that allows unauthorized access to protection relay configuration and management functions without valid credentials or appropriate permissions.
What this means
What could happen
An attacker with network access to the MiCOM S1 Agile software could bypass authorization controls and gain unauthorized access to the protection relay configuration, potentially allowing them to alter protection settings or disable critical power system protections.
Who's at risk
Power utilities and energy operators using Alstom Grid MiCOM S1 Agile protection relay software and MiCOM S1 Studio for relay configuration and management. This affects any organization relying on these tools to configure and manage transmission or distribution protection systems.
How it could be exploited
An attacker connects to the MiCOM S1 Agile software over the network and exploits the improper authorization vulnerability to access functions or data without providing valid credentials or appropriate permissions, allowing modification of relay configuration.
Prerequisites
- Network access to the MiCOM S1 Agile or MiCOM S1 Studio software interface
- No valid credentials required
Tags: no authentication required, no patch available, affects safety systems
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (2)
2 EOL
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| MiCOM S1 Agile Software | ≤ v1.0.2 | No fix (EOL) |
| Legacy MiCOM S1 Studio Software | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
- HARDENING: Implement network segmentation to restrict access to MiCOM S1 Agile software and engineering workstations to authorized personnel only; use firewall rules to limit connections to trusted engineering networks only
- WORKAROUND: Disable remote access to MiCOM S1 Agile and MiCOM S1 Studio software unless absolutely necessary; configure local-only access where possible
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Monitor network traffic to and from MiCOM S1 systems for unauthorized access attempts and configuration changes
CVEs (1)