Intrusion Prevention

Schneider.Electric.VAMPSET.Memory.Corruption

Description

This indicates an attack attempt against a Memory Corruption vulnerability in Schneider Electric VAMPSET.
The vulnerability is caused by an error when the vulnerable software handles a corrupted vf2 file. A remote attacker may be able to exploit this via a crafted vf2 file.

Affected Products

VAMPSET, prior to v2.2.189 version

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to the latest version, available from the website.
http://www.schneider-electric.com/en/download/document/SEVD-2017-061-01/

CVE References

CVE-2017-7967