CVE-2014-8390
Schneider Electric VAMPSET < 2.2.145 - Privilege Escalation via Malformed CFG or DAT File
Title source: llmDescription
Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 allow local users to gain privileges via malformed disturbance-recording data in a (1) CFG or (2) DAT file.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/535142/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/73405
Exploit, Third Party Advisory x_refsource_misc
http://www.coresecurity.com/advisories/schneider-vampset-stack-and-heap-buffer-overflow
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-15-092-01
Patch, Vendor Advisory x_refsource_confirm
http://www.schneider-electric.com/ww/en/download/document/SEVD-2015-084-01
Scores
EPSS
0.0016
EPSS Percentile
36.7%
Details
CWE
CWE-119
Status
published
Products (1)
schneider-electric/vampset
< 2.2.145
Published
Apr 03, 2015
Tracked Since
Feb 18, 2026