OpenCVE

General Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ge	Micom S1 Agile

Configuration 1 [-]

cpe:2.3:a:ge:micom_s1_agile:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.cisa.gov/news-events/ics-advisories/icsa-23-311-23

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2023-11-07T16:34:41.246Z

Updated: 2024-08-02T05:24:34.718Z

Reserved: 2023-02-17T21:23:33.224Z

Link: CVE-2023-0898

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-11-07T17:15:09.413

Modified: 2024-11-21T07:38:03.390

Link: CVE-2023-0898

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-0898", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2023-02-17T21:23:33.224Z", "datePublished": "2023-11-07T16:34:41.246Z", "dateUpdated": "2024-08-02T05:24:34.718Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MiCOM S1 Agile", "vendor": "General Electric", "versions": [{"status": "affected", "version": "All versions "}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Sushant Mane from CoE-CNDS Lab, VJTI"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": " Anooja Joy from CoE-CNDS Lab, VJTI"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Dr. Faruk Kazi from CoE-CNDS Lab, VJTI"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>General Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application.</p><br>\n\n"}], "value": "\nGeneral Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application.\n\n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-11-07T16:34:41.246Z"}, "references": [{"tags": ["government-resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-311-23"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>General Electric has released an update that resolves this vulnerability. No action is required by the customer.</p><p>For more information, see General Electric's <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.gegridsolutions.com/app/viewfiles.aspx?prod=S1Agile&type=21\">Security Advisory</a>.</p>\n\n<br>"}], "value": "\nGeneral Electric has released an update that resolves this vulnerability. No action is required by the customer.\n\nFor more information, see General Electric's Security Advisory https://www.gegridsolutions.com/app/viewfiles.aspx .\n\n\n\n\n"}], "source": {"discovery": "UNKNOWN"}, "title": "Uncontrolled Search Path Element in GE MiCOM S1 Agile", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:24:34.718Z"}, "title": "CVE Program Container", "references": [{"tags": ["government-resource", "x_transferred"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-311-23"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ge:micom_s1_agile:-:*:*:*:*:*:*:*", "matchCriteriaId": "F047616F-BABF-464B-A146-030336BD0440", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nGeneral Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application.\n\n\n\n\n"}, {"lang": "es", "value": "General Electric MiCOM S1 Agile es vulnerable a que un atacante logre la ejecuci\u00f3n de c\u00f3digo colocando archivos DLL maliciosos en el directorio de la aplicaci\u00f3n."}], "id": "CVE-2023-0898", "lastModified": "2024-11-21T07:38:03.390", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 0.6, "impactScore": 4.7, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-07T17:15:09.413", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-311-23"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-311-23"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}]}