CVE-2013-2786

{"id": "CVE-2013-2786", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 2.7, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-07-10T22:55:03.500", "references": [{"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-184-01", "tags": ["US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Alstom Grid MiCOM S1 Agile before 1.0.3 and Alstom Grid MiCOM S1 Studio use weak permissions for the MiCOM S1 %PROGRAMFILES% directory, which allows local users to gain privileges via a Trojan horse executable file."}, {"lang": "es", "value": "Alstom Grid MiCOM S1 Agile anterior a v1.0.3 y Alstom Grid MiCOM S1 Studio usa permisos d\u00e9biles para el directorio MiCOM S1 %PROGRAMFILES%, permitiendo a usuarios locales ganar privilegios mediante un troyano."}], "lastModified": "2013-07-11T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:alstom:micom_s1_agile:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "447FE515-B056-4EAB-84E3-747BA30558D1", "versionEndIncluding": "1.0.2"}, {"criteria": "cpe:2.3:a:alstom:micom_s1_studio:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "800D74C7-F46C-4790-A5F7-7195F6C50699"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}