{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"VAMPSET","vendor":"Schneider Electric","versions":[{"lessThanOrEqual":"2.2.136","status":"affected","version":"0","versionType":"custom"},{"status":"unaffected","version":"2.2.145"}]}],"credits":[{"lang":"en","type":"finder","value":"Aivar Liimets of Martem AS"}],"datePublic":"2014-09-11T06:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) disturbance recording file.</p>"}],"value":"Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) disturbance recording file."}],"metrics":[{"cvssV2_0":{"accessComplexity":"MEDIUM","accessVector":"LOCAL","authentication":"SINGLE","availabilityImpact":"PARTIAL","baseScore":4.1,"confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","vectorString":"AV:L/AC:M/Au:S/C:P/I:P/A:P","version":"2.0"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-121","description":"CWE-121","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert","dateUpdated":"2025-11-03T18:52:21.206Z"},"references":[{"tags":["x_refsource_MISC"],"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-14-254-01"},{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-254-01.json"},{"url":"http://www.schneider-electric.com/products/ww/en/2300-ied-user-software/2320-vamp-user-software/62050-vamp-software/"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Schneider Electric released an update for distribution on August 21, \n2014. The VAMPSET setting tool, v.2.2.145 or newer, can be found here:</p>\n<p><a target=\"_blank\" rel=\"nofollow\" href=\"http://www.schneider-electric.com/products/ww/en/2300-ied-user-software/2320-vamp-user-software/62050-vamp-software/\">http://www.schneider-electric.com/products/ww/en/2300-ied-user-software/2320-vamp-user-software/62050-vamp-software/</a></p>Schneider Electric recommends that all customers and users install and use VAMPSET v.2.2.145 or newer.\n\n<br>"}],"value":"Schneider Electric released an update for distribution on August 21, \n2014. The VAMPSET setting tool, v.2.2.145 or newer, can be found here:\n\n\n http://www.schneider-electric.com/products/ww/en/2300-ied-user-software/2320-vamp-user-software/62050-vamp-software/ \n\nSchneider Electric recommends that all customers and users install and use VAMPSET v.2.2.145 or newer."}],"source":{"advisory":"ICSA-14-254-01","discovery":"EXTERNAL"},"title":"Schneider Electric VAMPSET Stack-based Buffer Overflow","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"To protect the computer and configuration files from unauthorized \nescalation of privileges through manipulation, Schneider Electric \nrecommends users employ best IT practices to secure their computers and \nrelay’s configuration files and to use User Access Control (UAC) to \nfurther improve the security of the computer. Additionally, to minimize \nthe risk of attack, users who are not directly using this software on a \nregular basis are strongly encouraged to delete this application from \ntheir computer to reduce the likelihood of attack and to store relay \nconfiguration files in the client’s protected location.\n\n<br>"}],"value":"To protect the computer and configuration files from unauthorized \nescalation of privileges through manipulation, Schneider Electric \nrecommends users employ best IT practices to secure their computers and \nrelay’s configuration files and to use User Access Control (UAC) to \nfurther improve the security of the computer. Additionally, to minimize \nthe risk of attack, users who are not directly using this software on a \nregular basis are strongly encouraged to delete this application from \ntheir computer to reduce the likelihood of attack and to store relay \nconfiguration files in the client’s protected location."}],"x_generator":{"engine":"Vulnogram 0.5.0"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","ID":"CVE-2014-5407","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) disturbance recording file."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://ics-cert.us-cert.gov/advisories/ICSA-14-254-01","refsource":"MISC","url":"https://ics-cert.us-cert.gov/advisories/ICSA-14-254-01"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-06T11:41:49.181Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://ics-cert.us-cert.gov/advisories/ICSA-14-254-01"}]}]},"cveMetadata":{"assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","assignerShortName":"icscert","cveId":"CVE-2014-5407","datePublished":"2014-09-15T14:00:00.000Z","dateReserved":"2014-08-22T00:00:00.000Z","dateUpdated":"2025-11-03T18:52:21.206Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"}