Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » Flaw in Schneider Electric vamp software allows arbitrary code execution

Flaw in Schneider Electric vamp software allows arbitrary code execution

2015/04/06

Securityweek - (International) The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) released an advisory stating that Schneider Electric's VAMPSET software is vulnerable to stack-based and heap-based buffer overflow attacks that can be exploited to execute arbitrary code via malformed VAMPSET disturbance recording files on the affected systems. The company released an update fixing the issue and advised organizations that use the software to leverage User Access Control (UAC) features and employ best security practices.

Source: http://www.securityweek.com/flaw-schneider-electric-vamp-software-allows-arbitrary-code-execution

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:23:57