HTTP: Schneider Electric VAMPSET CFG File Handling Buffer Overflow

This signature detects attempts to exploit a known vulnerability against Schneider. A successful exploit can lead to buffer overflow and remote code execution.

Extended Description

Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 allow local users to gain privileges via malformed disturbance-recording data in a (1) CFG or (2) DAT file.

Affected Products

Schneider-electric vampset

References

CVE: CVE-2014-8390

Short Name
HTTP:STC:SCHNEIDER-CFG-FILE-BO
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Buffer CFG CVE-2014-8390 Electric File Handling Overflow Schneider VAMPSET
Release Date
05/18/2015
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Schneider-electric

CVSS Score

4.4

Found a potential security threat?