Flaw in Schneider Electric Vamp Software Allows Arbitrary Code Execution

 April 6, 2015

A vulnerability discovered in Schneider Electric’s VAMPSET software can be exploited to execute arbitrary code on affected systems, ICS-CERT reported last week.

The VAMPSET software is a setting and configuration tool for Vamp protection relays, the Vamp 321 arc flash protection unit, and measuring and monitoring units.

Core Security researcher Ricardo Narvaja discovered that the software product is plagued by a buffer overflow vulnerability (CVE-2014-8390) that can be exploited by a local attacker to execute arbitrary code. The flaw affects VAMPSET software version 2.2.145 and prior.

“VAMPSET is vulnerable to a Stack-based and Heap-based buffer overflow attack, which can be exploited by attackers to execute arbitrary code by providing a malicious CFG or DAT file with specific parameters,” ICS-CERT noted in its advisory. “These malformed or corrupted disturbance recording files cause VAMPSET to crash when opened in a stand-alone state, without connection to a protection relay. This vulnerability has no effect on the Windows Operating System.”

Read full story…