Schneider Electric VAMPSET


时间: 2017-05-16

风险等级: 未知

ICSA: ICS Advisory (ICSA-17-136-04)

厂商: 未知


CVSS v3 5.6

ATTENTION: Low skill level to exploit.

Vendor: Schneider Electric

Equipment: VAMPSET

Vulnerability: Memory Corruption


Schneider Electric reports that the vulnerability affects the following VAMPSET setting and configuration software products:

  • VAMPSET, versions prior to v2.2.189


Successful exploitation of this vulnerability could allow a local attacker to cause the software to enter a denial-of-service condition. The Windows operating system remains operational through the attack.


Schneider Electric has updated the VAMPSET tool in order to recognize malformed setting files. A new version of firmware with the fix for this vulnerability is available for download at the following location:

After the new version of firmware is installed, when a malformed file is loaded VAMPSET will remain operational and report to the user: “Cannot open file.”

Schneider Electric has issued Security Notification SEVD-2017-061-01, which contains additional information:

ICS-CERT recommends that users take the following measures to protect themselves from social engineering attacks:

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available in the ICS‑CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.

No known public exploits specifically target this vulnerability. This vulnerability is not remotely exploitable.


VAMPSET is susceptible to a memory corruption vulnerability when a corrupted settings file is loaded. This vulnerability causes the software to halt or not start when trying to open the corrupted file.

CVE-2017-7967 has been assigned to this vulnerability. A CVSS v3 base score of 5.6 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H).


Kushal Arvind Shah from Fortinet's Fortiguard Labs reported this vulnerability directly to Schneider Electric.


Critical Infrastructure Sectors: Energy

Countries/Areas Deployed: Worldwide

Company Headquarters Location: France