Schneider Electric VAMPSET
ICS Advisory (ICSA-17-136-04)
CVSS v3 5.6
ATTENTION: Low skill level to exploit.
Vendor: Schneider Electric
Vulnerability: Memory Corruption
Schneider Electric reports that the vulnerability affects the following VAMPSET setting and configuration software products:
- VAMPSET, versions prior to v2.2.189
Successful exploitation of this vulnerability could allow a local attacker to cause the software to enter a denial-of-service condition. The Windows operating system remains operational through the attack.
Schneider Electric has updated the VAMPSET tool in order to recognize malformed setting files. A new version of firmware with the fix for this vulnerability is available for download at the following location:
After the new version of firmware is installed, when a malformed file is loaded, VAMPSET will remain operational and report to the user: “Cannot open file.”
Schneider Electric has issued Security Notification SEVD-2017-061-01, which contains additional information:
ICS-CERT recommends that users take the following measures to protect themselves from social engineering attacks:
- Do not click web links or open unsolicited attachments in email messages.
- Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
- Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available in the ICS-CERT Technical Information Paper, ICS-TIP-12-146-01B, Targeted Cyber Intrusion Detection and Mitigation Strategies, which is available for download from the ICS-CERT web site.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.
No known public exploits specifically target this vulnerability. This vulnerability is not remotely exploitable.
VAMPSET is susceptible to a memory corruption vulnerability when a corrupted settings file is loaded. This vulnerability causes the software to halt or not start when trying to open the corrupted file.
CVE-2017-7967 has been assigned to this vulnerability. A CVSS v3 base score of 5.6 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H).
Kushal Arvind Shah from Fortinet's Fortiguard Labs reported this vulnerability directly to Schneider Electric.
Critical Infrastructure Sectors: Energy
Countries/Areas Deployed: Worldwide
Company Headquarters Location: France