Schneider Fixes Buffer Overflow

Friday, September 12, 2014 @ 01:09 PM gHale

Schneider Electric created an update that mitigates a buffer overflow vulnerability in its VAMPSET software product, according to a report on ICS-CERT.

Aivar Liimets of Martem AS found the hole and reported it directly to Schneider Electric, which reported it to ICS-CERT once it had fixed the problem. Liimets tested the update to validate that it resolves the vulnerability.

VAMPSET v2.2.136 and all previous versions suffer from the issue.

VAMPSET software halts when trying to open a corrupted file. Even though the Windows operating system remains operational, VAMPSET does not respond until the corresponding process terminates.

Schneider Electric’s corporate headquarters are in Paris, France, and it maintains offices in more than 100 countries worldwide.

The affected product, VAMPSET software, configures and maintains multiple protection relays and arc monitoring units. According to Schneider Electric, this product sees action in the energy sector. Schneider Electric estimates this product sees use on all continents, in 60 countries worldwide.

The vulnerability in VAMPSET comes as the result of opening corrupted VAMPSET setting files or disturbance recording files. This vulnerability causes VAMPSET to halt when it tries to open a corrupted file. The Windows operating system remains operational, while VAMPSET does not respond until the corresponding process is terminated.

CVE-2014-5407 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 4.1.

The exploit only triggers when a local user runs the vulnerable application and loads the malformed VAMPSET setting file.

No known public exploits specifically target this vulnerability.

Crafting a working exploit for this vulnerability would be difficult. An attacker would have to use social engineering to convince a user to accept the malformed VAMPSET setting file. There would have to be additional user interaction to load the malformed file. This decreases the likelihood of a successful exploit.

Schneider Electric released an update for distribution on August 21: the VAMPSET setting tool, v.2.2.145 or newer.

Schneider Electric recommends all customers and users install and use VAMPSET v.2.2.145 or newer.
