CVE-2017-7967

CWE-119Buffer Overflow3 documents3 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 81.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Schneider-electric VampsetSchneider Electric SE Vampset
Timeline
PublishedMay 9
Latest updateMay 17

Description

All versions of VAMPSET software produced by Schneider Electric, prior to V2.2.189, are susceptible to a memory corruption vulnerability when a corrupted vf2 file is used. This vulnerability causes the software to halt or not start when trying to open the corrupted file. This vulnerability occurs when fill settings are intentionally malformed and is opened in a standalone state, without connection to a protection relay. This attack is not considered to be remotely exploitable. This vulnerability

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5schneider_electric_se/vampsetAll versions prior to 2.2.189

🔴Vulnerability Details

2
GHSA
GHSA-m34p-hw58-6hwf: All versions of VAMPSET software produced by Schneider Electric, prior to V22022-05-17
CVEList
CVE-2017-7967: All versions of VAMPSET software produced by Schneider Electric, prior to V22017-05-09
CVE-2017-7967 (MEDIUM CVSS 5.5) | All versions of VAMPSET software pr | cvebase.io