Vulnerabilities > CVE-2016-4529 - Unspecified vulnerability in Schneider-Electric Somachine Hvac Firmware 2.0.2

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

schneider-electric

NVD

Published: 2016-07-15

Updated: 2022-02-03

Summary

An unspecified ActiveX control in Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers before 2.1.0 allows remote attackers to execute arbitrary code via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag.

Vulnerable Configurations

Part	Description	Count
Hardware	Schneider-Electric Schneider Electric M172 - Schneider Electric M171 -	2
OS	Schneider-Electric Schneider Electric Somachine Hvac Firmware 2.0.2	1

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-196-03
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2016-161-01
http://www.zerodayinitiative.com/advisories/ZDI-16-440
http://www.securityfocus.com/bid/91778