Denial of service in VAMPSET - CVE-2017-7967

 


Published: May 18, 2017


Vulnerability identifier: #VU6603
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-7967
CWE-ID: CWE-120
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Schneider Electric
Affected software: VAMPSET

Detailed vulnerability description

The vulnerability allows a local attacker to cause a denial-of-service (DoS) condition on the target system.

The weakness exists due to a buffer overflow when processing corrupted vf2 files. A local attacker can trigger memory corruption with a corrupted vf2 file, causing the software to halt or fail to start when it tries to open the file.

Successful exploitation of the vulnerability results in denial of service.


How to mitigate CVE-2017-7967

Update to version 2.2.191.
