CVE-2014-5407

Schneider Electric VAMPSET < 2.2.136 - Denial of Service via Malformed Setting or Disturbance Recording File

Title source: llm

Description

Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) disturbance recording file.

References (4)

Core 4

Core References

Third Party Advisory, US Government Resource x_refsource_misc

https://www.cisa.gov/news-events/ics-advisories/icsa-14-254-01

Third Party Advisory, US Government Resource

https://ics-cert.us-cert.gov/advisories/ICSA-14-254-01

Various Sources

http://www.schneider-electric.com/products/ww/en/2300-ied-user-software/2320-vamp-user-software/62050-vamp-software/

Various Sources

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-254-01.json

View Writeup ZIP pw:eip

Scores

EPSS 0.0037

EPSS Percentile 28.8%

Details

CWE

CWE-119 CWE-121

Status published

Products (3)

Schneider Electric/VAMPSET < 2.2.136

Schneider Electric/VAMPSET 2.2.145

schneider-electric/vampset < 2.2.136

Published Sep 15, 2014

Tracked Since Feb 18, 2026