Untrusted Search Path Vulnerability in SoMachine HVAC by Schneider Electric
CVE-2019-6826

7.8HIGH

Key Information:

Vendor: Schneider Electric
Status: Somachine Hvac
Vendor: CVE Published:; 17 September 2019

Summary

An untrusted search path vulnerability exists in SoMachine HVAC, allowing attackers to exploit the loading of malicious DLL libraries. This could lead to arbitrary code execution on the system running the affected software, potentially compromising the integrity and security of the entire environment. Users are urged to update to newer versions to mitigate this risk.

Affected Version(s)

SoMachine HVAC v2.4.1 and earlier versions

References

https://www.schneider-electric.com/en/download/document/S...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 17, 2019
Vulnerability Reserved
Jan 25, 2019