Schneider Electric VAMPSET ソフトウェアにおけるバッファエラーの脆弱性
| Title |
Schneider Electric VAMPSET ソフトウェアにおけるバッファエラーの脆弱性
|
| Summary |
Schneider Electric VAMPSET ソフトウェアには、バッファエラーの脆弱性が存在します。
|
| Possible impacts |
サービス運用妨害 (DoS) 状態にされる可能性があります。 |
| Solution |
ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date |
May 11, 2017, midnight |
| Registration Date |
June 13, 2017, 6:40 p.m. |
| Last Update |
June 13, 2017, 6:40 p.m. |
|
CVSS3.0 : 警告
|
| Score |
5.5
|
| Vector |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
|
CVSS2.0 : 注意
|
| Score |
2.1
|
| Vector |
AV:L/AC:L/Au:N/C:N/I:N/A:P |
Affected System
| Schneider Electric |
|
VAMPSET 2.2.189 未満
|
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
ベンダー情報
Change Log
| No |
Changed Details |
Date of change |
| 0 |
[2017年06月13日]
掲載 |
Feb. 17, 2018, 10:37 a.m. |
NVD Vulnerability Information
CVE-2017-7967
| Summary |
All versions of VAMPSET software produced by Schneider Electric, prior to V2.2.189, are susceptible to a memory corruption vulnerability when a corrupted vf2 file is used. This vulnerability causes the software to halt or not start when trying to open the corrupted file. This vulnerability occurs when fill settings are intentionally malformed and is opened in a standalone state, without connection to a protection relay. This attack is not considered to be remotely exploitable. This vulnerability has no effect on the operation of the protection relay to which VAMPSET is connected. As Windows operating system remains operational and VAMPSET responds, it is able to be shut down through its normal closing protocol.
|
| Publication Date |
May 10, 2017, 2:29 a.m. |
| Registration Date |
Jan. 26, 2021, 1:29 p.m. |
| Last Update |
Nov. 21, 2024, 12:33 p.m. |
Affected software configurations
| Configuration1 |
or higher |
or less |
more than |
less than |
| cpe:2.3:a:schneider-electric:vampset:*:*:*:*:*:*:*:* |
|
2.2.185 |
|
|
Related information, measures and tools
Common Vulnerabilities List