CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7967
https://notcve.org/view.php?id=CVE-2017-7967
All versions of VAMPSET software produced by Schneider Electric, prior to V2.2.189, are susceptible to a memory corruption vulnerability when a corrupted vf2 file is used. This vulnerability causes the software to halt or not start when trying to open the corrupted file. This vulnerability occurs when fill settings are intentionally malformed and is opened in a standalone state, without connection to a protection relay. This attack is not considered to be remotely exploitable. This vulnerability has no effect on the operation of the protection relay to which VAMPSET is connected. • http://www.schneider-electric.com/en/download/document/SEVD-2017-061-01 http://www.securityfocus.com/bid/97124 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.4EPSS: 4%CPEs: 1EXPL: 1CVE-2014-8390
https://notcve.org/view.php?id=CVE-2014-8390
Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 allow local users to gain privileges via malformed disturbance-recording data in a (1) CFG or (2) DAT file. Múltiples desbordamientos de buffer en Schneider Electric VAMPSET anterior a 2.2.168 permiten a usuarios locales ganar privilegios a través de datos que graban disturbios malformados en un fichero (1) CFG o (2) DAT. • http://www.coresecurity.com/advisories/schneider-vampset-stack-and-heap-buffer-overflow http://www.schneider-electric.com/ww/en/download/document/SEVD-2015-084-01 http://www.securityfocus.com/archive/1/535142/100/0/threaded http://www.securityfocus.com/bid/73405 https://ics-cert.us-cert.gov/advisories/ICSA-15-092-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-5407
https://notcve.org/view.php?id=CVE-2014-5407
Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) disturbance recording file. Múltiples desbordamientos de buffer basado en pila en Schneider Electric VAMPSET 2.2.136 y anteriores permite a usuarios locales causar una denegación de servicio (parada de aplicación) a través de un (1) fichero de configuración o (2) fichero de grabación de disturbio malformados. • https://ics-cert.us-cert.gov/advisories/ICSA-14-254-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •