Remote Code Execution Vulnerability in Schneider Electric SoMachine HVAC Programming Software

Remote Code Execution Vulnerability in Schneider Electric SoMachine HVAC Programming Software

CVE-2016-4529 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

An unspecified ActiveX control in Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers before 2.1.0 allows remote attackers to execute arbitrary code via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag.

Learn more about our Web Application Penetration Testing UK.