DLL Hijacking Vulnerability in Schneider Electric's SoMachine HVAC Software
CVE-2017-7966

8.8HIGH

Key Information:

Vendor: Schneider Electric
Status: Somachine Hvac Programming Software
Vendor: CVE Published:; 7 June 2017

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2017-7966?

A DLL hijacking vulnerability exists in Schneider Electric's SoMachine HVAC v2.1.0 software, allowing an attacker to manipulate the loading of Dynamic Link Libraries (DLLs). This flaw can enable unauthorized remote code execution, potentially compromising the security and functionality of the affected system. Proper patching and security practices are essential to mitigate this risk.

Affected Version(s)

SoMachine HVAC Programming Software v2.1.0 for Modicon M171/M172 Controllers

References

http://www.schneider-electric.com/en/download/document/SE...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/98446

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 7, 2017
Vulnerability Reserved
Apr 19, 2017