← Back to home
ICSA-17-136-04  ·  Published 2017-05-16  ·  View on CISA ICS-CERT ↗

Schneider Electric VAMPSET

CVSS 5.6 MEDIUM

Risk Summary

ATTENTION: Low skill level to exploit.

CVEs (1)

Remediations

  • Schneider Electric has updated the VAMPSET tool in order to recognize malformed setting files. A new version of firmware with the fix for this vulnerability is available for download at the following location:
  • After the new version of firmware is installed, when a malformed file is loaded VAMPSET will remain operational and report to the user: “Cannot open file.”
  • Schneider Electric has issued Security Notification SEVD-2017-061-01, which contains additional information:

Affected Vendors

Schneider Electric Software, LLC

Affected Products (1)

Schneider Electric Software, LLC · VAMPSET < 2.2.189

Affected Sectors

Energy

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more