OTPulse

Schneider Electric VAMPSET Software Buffer Overflow Vulnerability

Low Risk · ICS-CERT ICSA-15-092-01 · Jan 3, 2015
Summary

VAMPSET versions V2.2.145 and earlier contain a stack-based buffer overflow vulnerability (CWE-121) that could allow local code execution. The vulnerability exists in how VAMPSET processes input, potentially through file operations or command parameters. Schneider Electric has indicated no fix is planned for this product.

What this means
What could happen
A buffer overflow in VAMPSET could allow an attacker with local access to execute arbitrary code on the engineering workstation, potentially enabling modification of electrical equipment configuration or parameters.
Who's at risk
Energy utilities and substation engineering teams who use Schneider Electric VAMPSET software for electrical equipment configuration and management. This affects anyone on engineering workstations or control centers that run VAMPSET for protecting or configuring electrical distribution equipment, switchgear, or protection relays.
How it could be exploited
An attacker with local access to a workstation running VAMPSET could exploit a buffer overflow by providing malformed input (file, command parameter, or network data) that overwrites memory. This could allow code execution with the privileges of the VAMPSET application or the logged-in user, potentially allowing them to modify electrical distribution or protection settings.
Prerequisites
  • Local access to workstation running VAMPSET
  • Ability to provide input to the application (file upload, crafted network packet, or interactive parameter)
  • VAMPSET version V2.2.145 or earlier
  • no patch available
  • buffer overflow allows arbitrary code execution
  • affects engineering/administrative tools for critical infrastructure
  • end-of-life product
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
VAMPSET: <=V2.2.145 | ≤ V2.2.145 | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Restrict local and remote access to workstations running VAMPSET to authorized personnel only. Use Windows access controls and firewall rules to limit who can interact with the system.
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

WORKAROUND: Disable or isolate VAMPSET instances that are no longer in use. If the software is no longer needed, uninstall it to eliminate the attack surface.
Mitigations - no patch available
VAMPSET: <=V2.2.145 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Monitor for suspicious activity on systems running VAMPSET, particularly unexpected process execution or memory access patterns that could indicate exploitation attempts.
HARDENING: Consider migrating to alternative vendor solutions that actively maintain security patches if VAMPSET is critical to your operations, since no fix is planned.
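
One way to act on the monitoring recommendation above, as an added example that is not part of the advisory or any vendor tooling: flag process-creation events whose parent is VAMPSET and whose child is not on a site baseline. The image name `vampset.exe`, the Sysmon Event ID 1 record shape, and all sample paths, users and timestamps are assumptions constructed for illustration.

```python
import ntpath

# Assumption (not stated in the advisory): the VAMPSET process image name.
VAMPSET_IMAGE = "vampset.exe"
# Child processes the site has baselined as normal for VAMPSET; empty by default.
EXPECTED_CHILDREN = frozenset()

# Constructed sample records using Sysmon Event ID 1 (process creation) field
# names. Paths, users and timestamps are made up for illustration.
SAMPLE_EVENTS = [
    {"EventID": 1, "UtcTime": "2024-01-10 08:14:03", "User": "ENGWS01\\operator",
     "Image": r"C:\Tools\VAMPSET\Vampset.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "UtcTime": "2024-01-10 08:20:41", "User": "ENGWS01\\operator",
     "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Tools\VAMPSET\Vampset.exe"},
    {"EventID": 1, "UtcTime": "2024-01-10 08:31:17", "User": "ENGWS01\\operator",
     "Image": r"C:\Windows\splwow64.exe",
     "ParentImage": r"C:\Tools\VAMPSET\VAMPSET.EXE"},
    {"EventID": 3, "UtcTime": "2024-01-10 08:32:00",
     "Image": r"C:\Tools\VAMPSET\Vampset.exe"},  # not a process-creation event
]


def image_name(path):
    """Lower-cased file name of a Windows path; works on any host OS."""
    return ntpath.basename(path or "").lower()


def unexpected_children(events, parent=VAMPSET_IMAGE, expected=EXPECTED_CHILDREN):
    """Return process-creation events whose parent is VAMPSET and whose
    child image is not in the baselined allowlist."""
    allowed = {name.lower() for name in expected}
    alerts = []
    for ev in events:
        if ev.get("EventID") != 1:
            continue
        if image_name(ev.get("ParentImage")) != parent:
            continue
        child = image_name(ev.get("Image"))
        if child not in allowed:
            alerts.append({"time": ev.get("UtcTime"), "user": ev.get("User"),
                           "child": child, "image": ev.get("Image")})
    return alerts


if __name__ == "__main__":
    for alert in unexpected_children(SAMPLE_EVENTS):
        print("ALERT unexpected child of VAMPSET:", alert)
```

Build the allowlist from a known-good workstation before alerting, so that helper processes VAMPSET legitimately starts do not drown out the events worth investigating.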