Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Flaw in Schneider Electric Vamp Software Allows Arbitrary Code Execution

A vulnerability discovered in Schneider Electric’s VAMPSET software can be exploited to execute arbitrary code on affected systems, ICS-CERT reported last week.

The VAMPSET software is a setting and configuration tool for Vamp protection relays, the Vamp 321 arc flash protection unit, and measuring and monitoring units.

A vulnerability discovered in Schneider Electric’s VAMPSET software can be exploited to execute arbitrary code on affected systems, ICS-CERT reported last week.

The VAMPSET software is a setting and configuration tool for Vamp protection relays, the Vamp 321 arc flash protection unit, and measuring and monitoring units.

Core Security researcher Ricardo Narvaja discovered that the software product is plagued by a buffer overflow vulnerability (CVE-2014-8390) that can be exploited by a local attacker to execute arbitrary code. The flaw affects VAMPSET software version 2.2.145 and prior.Vamp protection relay

“VAMPSET is vulnerable to a Stack-based and Heap-based buffer overflow attack, which can be exploited by attackers to execute arbitrary code by providing a malicious CFG or DAT file with specific parameters,” ICS-CERT noted in its advisory. “These malformed or corrupted disturbance recording files cause VAMPSET to crash when opened in a stand-alone state, without connection to a protection relay. This vulnerability has no effect on the Windows Operating System.”

The VAMPSET vulnerability can be exploited by loading a malformed VAMPSET disturbance recording file on the affected system. However, the security hole cannot be exploited remotely so the attacker must convince maintenance personnel to accept a malicious file and open it with a vulnerable version of the software.

Schneider Electric has released VAMPSET 2.2.168 to ensure that malformed disturbance recording files are handled properly. The company also advises organizations that use the configuration tool to leverage User Access Control (UAC) and employ best security practices in order to prevent successful attacks.

“Additionally, to minimize the risk of attack, users who are not directly using this software on a regular basis are strongly encouraged to delete this application from their computer to reduce the likelihood of attack and to store relay’s configuration files in the client’s protected location,” the energy giant said in its advisory.

Core Security’s own vulnerability report, which contains additional technical details on the issue, shows that the flaw was reported directly to Schneider Electric in mid-February.

This isn’t the first time researchers find a buffer overflow flaw in the VAMPSET software. In September 2014, Aivar Liimets of Martem AS identified a stack-based buffer overflow that could have been exploited with the aid of corrupted setting files or disturbance recording files to crash the configuration tool.

Advertisement. Scroll to continue reading.

Related: Learn More At the ICS Cyber Security Conference

Related: Schneider Electric Fixes Vulnerabilities in HMI Products

Related: Schneider Electric Patches Flaw in Pelco Video Management Software

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.