Remote Code Execution Vulnerability in Schneider Electric SoMachine HVAC Programming Software
CVE-2016-4529
7.3HIGH
Key Information:
- Vendor
Schneider Electric
- Status
- Vendor
- CVE Published:
- 15 July 2016
What is CVE-2016-4529?
The vulnerability allows remote attackers to execute arbitrary code on Schneider Electric's SoMachine HVAC Programming Software for M171/M172 Controllers prior to version 2.1.0. The issue is linked to an unspecified ActiveX control that fails to adequately enforce user security, permitting unauthorized remote code execution through unknown vectors. This vulnerability is specifically related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER flag, often recognized for its implications in enabling safe scripting features. Users of affected software versions should consider immediate remediation strategies to safeguard their systems.