Security Affairs
JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Schneider Electric VAMPSET Software Vulnerability Detected, Causing Random Code Executed

A vulnerability in Schneider Electric VAMPSET Software allows attackers to penetrate the system and trigger arbitrary code execution. According to the recent advisories issued by Schneider Electric and ICS – CERT, there is a vulnerability (CVE-2014-8390) that can allow hackers to penetrate the system and trigger arbitrary code execution. The vulnerability was identified and made […]

Schneider Electric VAMPSET Software Vulnerability Detected, Causing Random Code Executed

A vulnerability in Schneider Electric VAMPSET Software allows attackers to penetrate the system and trigger arbitrary code execution.

According to the recent advisories issued by Schneider Electric and ICS – CERT, there is a vulnerability (CVE-2014-8390) that can allow hackers to penetrate the system and trigger arbitrary code execution. The vulnerability was identified and made public by Core Security.

Schneider Electric VAMPSET Software has been found lacking in security layering, which brings hackers’ skillfulness and sophistication to the spotlight once more. As it has turned out, the VAMPSET can be taken advantage by crackers and professionals who wish to control the software thanks to this vulnerability. Consequently, the hackers can take control and cause random code executed by the software – unlike it has been designed to operate.

According to ICS – CERT, the potential impact of such a flaw can be truly severe:

“An attacker who exploits this vulnerability may be able to execute arbitrary code. Impact to individual organizations depends on many factors that are unique to each organization. ICS – CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.”

The recommendations of ICS – CERT, needless to say, should be taken into some serious consideration and not dealt with lightly.

Not all the versions of VAMPSET are vulnerable to the flaw detected, on the bright side. To be more specific, only V2.2.145 and all the versions that have been released prior to that are facing this displeasing consequence. So, all the other versions that are newer than the V2.2.145 are in no danger to this date.

VAMPSET software

It is also worth noting that Schneider Electric has also released an advisory on the matter. This is characterized as an “Important Security Notification” and is dated “25th March, 2015”. According to their advisory, they have become well aware of the security flaw and they have been dealing with the vulnerability in an efficient manner. To quote their point of view as to the extent and severity of the flaw:

“The vulnerability in VAMPSET is caused by opening malformed VAMPSET disturbance recorder files. VAMPSET becomes halted when trying to open a corrupted file. Even though Windows operating system remain operational, VAMPSET does not respond anymore until the corresponding process is terminated. This is caused by a buffer overflow which could result in remote code execution.”

The vulnerability was identified and made public by Core Security and the issue has been addressed to the company (Schneider Electric) from the middle of February, based on what Core states. Ricardo Navarja, who is a researcher for Core Security, eventually noticed that something is wrong and that any local attacker could benefit from the cracks in the overall security layering of VAMPSET. Following the discovery and the analysis of the vulnerability, Core Security published even more detailed information on the flaw and on the possible solutions or workarounds related to that.

Along with that, on the very same publication by Core Security you can see the detailed timeline that reveals the first discovery of the flaw on 29th January, with other significant dates stretching all the way to 30th March. This is definitely an interesting piece of information, which guides us through the different phases of communication between the company and the security researchers.

Written by: Ali Qamar, Founder/Chief Editor at SecurityGladiators.com

Author Bio:
Ali Qamar is an Internet security research enthusiast who enjoys “deep” research to dig out modern discoveries in the security industry. He is the founder and chief editor at SecurityGladiators.com, an ultimate source for worldwide security awareness having supreme mission of making the internet more safe, secure, aware and reliable. Follow Ali on Twitter @AliQammar57

Edited by Pierluigi Paganini

(Security Affairs –  VAMPSET)