ID

VAR-201409-0721


CVE

CVE-2014-5407


TITLE

Schneider Electric VAMPSET Local Stack Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: dce1bf8e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06017

DESCRIPTION

Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) disturbance recording file. Schneider Electric VAMPSET is free device management software for setting parameters and configuring VAMP protection relays. It is deployed in the energy industry by the French company Schneider Electric to configure and maintain multiple relays and arc monitors. The local stack buffer overflow arises because VAMPSET fails to properly check user-supplied data as it is copied to the buffer. An attacker could exploit this vulnerability to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition. VAMPSET 2.2.136 and prior versions are vulnerable.

Trust: 2.7

sources: NVD: CVE-2014-5407 // JVNDB: JVNDB-2014-004190 // CNVD: CNVD-2014-06017 // BID: 69764 // IVD: dce1bf8e-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-73348

IOT TAXONOMY

category: ['ICS'] | sub_category: -

Trust: 0.8

sources: IVD: dce1bf8e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06017

AFFECTED PRODUCTS

vendor: schneider electric | model: vampset | scope: lte | version: 2.2.136

Trust: 1.8

vendor: schneider | model: electric vampset | scope: lte | version: <=2.2.136

Trust: 0.6

vendor: schneider electric | model: vampset | scope: eq | version: 2.2.136

Trust: 0.6

vendor: vampset | model: - | scope: eq | version: *

Trust: 0.2

sources: IVD: dce1bf8e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06017 // JVNDB: JVNDB-2014-004190 // CNNVD: CNNVD-201409-523 // NVD: CVE-2014-5407

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-5407
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-5407
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-06017
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201409-523
value: MEDIUM

Trust: 0.6

IVD: dce1bf8e-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-73348
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-5407
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-06017
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: dce1bf8e-2351-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-73348
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: dce1bf8e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06017 // VULHUB: VHN-73348 // JVNDB: JVNDB-2014-004190 // CNNVD: CNNVD-201409-523 // NVD: CVE-2014-5407

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-73348 // JVNDB: JVNDB-2014-004190 // NVD: CVE-2014-5407

THREAT TYPE

local

Trust: 0.9

sources: BID: 69764 // CNNVD: CNNVD-201409-523

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: dce1bf8e-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201409-523

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004190

PATCH

title: Vamp Software | url: http://www.schneider-electric.com/products/ww/en/2300-ied-user-software/2320-vamp-user-software/62050-vamp-software/

Trust: 0.8

title: Schneider Electric VAMPSET Local Stack Buffer Overflow Vulnerability Patch | url: https://www.cnvd.org.cn/patchInfo/show/50100

Trust: 0.6

title: VAMP 50 default setting for VAMPSET | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51646

Trust: 0.6

sources: CNVD: CNVD-2014-06017 // JVNDB: JVNDB-2014-004190 // CNNVD: CNNVD-201409-523

EXTERNAL IDS

db: NVD | id: CVE-2014-5407

Trust: 3.6

db: ICS CERT | id: ICSA-14-254-01

Trust: 2.8

db: BID | id: 69764

Trust: 1.0

db: CNNVD | id: CNNVD-201409-523

Trust: 0.9

db: CNVD | id: CNVD-2014-06017

Trust: 0.8

db: JVNDB | id: JVNDB-2014-004190

Trust: 0.8

db: IVD | id: DCE1BF8E-2351-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB | id: VHN-73348

Trust: 0.1

sources: IVD: dce1bf8e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06017 // VULHUB: VHN-73348 // BID: 69764 // JVNDB: JVNDB-2014-004190 // CNNVD: CNNVD-201409-523 // NVD: CVE-2014-5407

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-14-254-01

Trust: 2.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5407

Trust: 1.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5407

Trust: 0.8

url:http://www.securityfocus.com/bid/69764

Trust: 0.6

url:http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true

Trust: 0.3

sources: CNVD: CNVD-2014-06017 // VULHUB: VHN-73348 // BID: 69764 // JVNDB: JVNDB-2014-004190 // CNNVD: CNNVD-201409-523 // NVD: CVE-2014-5407

CREDITS

Aivar Liimets of Martem AS

Trust: 0.3

sources: BID: 69764

SOURCES

db: IVD | id: dce1bf8e-2351-11e6-abef-000c29c66e3d
db: CNVD | id: CNVD-2014-06017
db: VULHUB | id: VHN-73348
db: BID | id: 69764
db: JVNDB | id: JVNDB-2014-004190
db: CNNVD | id: CNNVD-201409-523
db: NVD | id: CVE-2014-5407

LAST UPDATE DATE

2025-04-12T23:24:41.588000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2014-06017 | date: 2014-09-18T00:00:00
db: VULHUB | id: VHN-73348 | date: 2014-09-15T00:00:00
db: BID | id: 69764 | date: 2015-03-19T08:44:00
db: JVNDB | id: JVNDB-2014-004190 | date: 2014-09-16T00:00:00
db: CNNVD | id: CNNVD-201409-523 | date: 2014-09-16T00:00:00
db: NVD | id: CVE-2014-5407 | date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: IVD | id: dce1bf8e-2351-11e6-abef-000c29c66e3d | date: 2014-09-18T00:00:00
db: CNVD | id: CNVD-2014-06017 | date: 2014-09-18T00:00:00
db: VULHUB | id: VHN-73348 | date: 2014-09-15T00:00:00
db: BID | id: 69764 | date: 2014-09-11T00:00:00
db: JVNDB | id: JVNDB-2014-004190 | date: 2014-09-16T00:00:00
db: CNNVD | id: CNNVD-201409-523 | date: 2014-09-16T00:00:00
db: NVD | id: CVE-2014-5407 | date: 2014-09-15T14:55:11.697