Schneider-Electric Vampset vulnerabilities

CVE-2017-7967 [MEDIUM] CWE-119 CVE-2017-7967: All versions of VAMPSET software produced by Schneider Electric, prior to V2.2.189, are susceptible All versions of VAMPSET software produced by Schneider Electric, prior to V2.2.189, are susceptible to a memory corruption vulnerability when a corrupted vf2 file is used. This vulnerability causes the software to halt or not start when trying to open the corrupted file. This vulnerability occurs when fill settings are intentionally malformed and is op

CVE-2014-8390 [MEDIUM] CWE-119 CVE-2014-8390: Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 allow local users to gain pri Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 allow local users to gain privileges via malformed disturbance-recording data in a (1) CFG or (2) DAT file.

CVE-2014-5407 [MEDIUM] CWE-121 CVE-2014-5407: Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) disturbance recording file.