{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "VAMPSET", "vendor": "Schneider Electric", "versions": [{"lessThanOrEqual": "2.2.136", "status": "affected", "version": "0", "versionType": "custom"}, {"status": "unaffected", "version": "2.2.145"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Aivar Liimets of Martem AS"}], "datePublic": "2014-09-11T06:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) disturbance recording file.</p>"}], "value": "Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) disturbance recording file."}], "metrics": [{"cvssV2_0": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-11-03T18:52:21.206Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-254-01"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-254-01.json"}, {"url": "http://www.schneider-electric.com/products/ww/en/2300-ied-user-software/2320-vamp-user-software/62050-vamp-software/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Schneider Electric released an update for distribution on August 21, \n2014. The VAMPSET setting tool, v.2.2.145 or newer, can be found here:</p>\n<p><a target=\"_blank\" rel=\"nofollow\" href=\"http://www.schneider-electric.com/products/ww/en/2300-ied-user-software/2320-vamp-user-software/62050-vamp-software/\">http://www.schneider-electric.com/products/ww/en/2300-ied-user-software/2320-vamp-user-software/62050-vamp-software/</a></p>Schneider Electric recommends that all customers and users install and use VAMPSET v.2.2.145 or newer.\n\n<br>"}], "value": "Schneider Electric released an update for distribution on August 21, \n2014. The VAMPSET setting tool, v.2.2.145 or newer, can be found here:\n\n\n http://www.schneider-electric.com/products/ww/en/2300-ied-user-software/2320-vamp-user-software/62050-vamp-software/ \n\nSchneider Electric recommends that all customers and users install and use VAMPSET v.2.2.145 or newer."}], "source": {"advisory": "ICSA-14-254-01", "discovery": "EXTERNAL"}, "title": "Schneider Electric VAMPSET Stack-based Buffer Overflow", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "To protect the computer and configuration files from unauthorized \nescalation of privileges through manipulation, Schneider Electric \nrecommends users employ best IT practices to secure their computers and \nrelay\u2019s configuration files and to use User Access Control (UAC) to \nfurther improve the security of the computer. Additionally, to minimize \nthe risk of attack, users who are not directly using this software on a \nregular basis are strongly encouraged to delete this application from \ntheir computer to reduce the likelihood of attack and to store relay \nconfiguration files in the client\u2019s protected location.\n\n<br>"}], "value": "To protect the computer and configuration files from unauthorized \nescalation of privileges through manipulation, Schneider Electric \nrecommends users employ best IT practices to secure their computers and \nrelay\u2019s configuration files and to use User Access Control (UAC) to \nfurther improve the security of the computer. Additionally, to minimize \nthe risk of attack, users who are not directly using this software on a \nregular basis are strongly encouraged to delete this application from \ntheir computer to reduce the likelihood of attack and to store relay \nconfiguration files in the client\u2019s protected location."}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-5407", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) disturbance recording file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-254-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-254-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T11:41:49.181Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-254-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-5407", "datePublished": "2014-09-15T14:00:00", "dateReserved": "2014-08-22T00:00:00", "dateUpdated": "2025-11-03T18:52:21.206Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.2"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:vampset:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B94A6E8-E88D-4165-850A-754573289558", "versionEndIncluding": "2.2.136", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) disturbance recording file."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de buffer basado en pila en Schneider Electric VAMPSET 2.2.136 y anteriores permite a usuarios locales causar una denegaci\u00f3n de servicio (parada de aplicaci\u00f3n) a trav\u00e9s de un (1) fichero de configuraci\u00f3n o (2) fichero de grabaci\u00f3n de disturbio malformados."}], "id": "CVE-2014-5407", "lastModified": "2025-11-03T19:15:38.683", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 2.7, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": true}, {"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-09-15T14:55:11.697", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "http://www.schneider-electric.com/products/ww/en/2300-ied-user-software/2320-vamp-user-software/62050-vamp-software/"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-254-01.json"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-254-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-254-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}

{}