ICS-CERT Advisory: ICSA-13-100-01: Schneider Electric MiCOM S1 Studio Improper Authorization Vulnerability [open pdf - 68KB]
"This advisory provides mitigation details for a vulnerability affecting the Schneider Electric MiCOM S1 Studio Software. Independent researcher Michael Toecker of Digital Bond has identified an improper authorization vulnerability in the MiCOM S1 Studio Software using the Microsoft Attack Surface Analyzer tool. The vulnerability was disclosed to vendors prior to the 2013 Digital Bond S4 Conference and then presented at the conference. The function of MiCOM S1 Studio Software is to allow users to modify or manage the configuration parameters of electronic protective relays."
ICS-CERT Advisory No. 13-100-01; Industrial Controls System-Cyber Emergency Response Team Advisory No. 13-100-01
Industrial Control Systems Cyber Emergency Response Team: http://ics-cert.us-cert.gov/