Schneider Electric SoMachine HVAC Unsafe ActiveX Control Vulnerability
Schneider Electric’s SoMachine software contains an unsafe ActiveX control vulnerability.
The following versions are affected:
- SoMachine HVAC-Application Version 2.0.2 and previous.
Exploitation of this vulnerability may allow an attacker to remotely execute arbitrary code.
Schneider Electric’s corporate headquarters is located in Paris, France, and it maintains offices in more than 100 countries worldwide.
The affected product, SoMachine, is software for developing, configuring, and commissioning a machine in a single software environment, including logic, motion control, HMI, and related network automation functions.
An ActiveX control that is intended for restricted use has been marked as safe-for-scripting.
This vulnerability could be exploited remotely.
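To see which controls on a Windows host are registered this way, the following added PowerShell example (not code from the advisory or from Schneider Electric) lists COM classes registered under the safe-for-scripting component category and reports whether the Internet Explorer kill bit is set for each. The `-ServerFilter` parameter and the `*SoMachine*` pattern are assumptions; the advisory does not name the control's CLSID or file.

```powershell
# Added example: lists COM classes registered as "safe for scripting".
# Registry-only check; a control can also claim safety at run time through
# IObjectSafety, which this audit cannot see.
$SafeForScripting = '{7DD95801-9882-11CF-9FA8-00AA006C34E4}'  # CATID_SafeForScripting
$SafeForInit      = '{7DD95802-9882-11CF-9FA8-00AA006C34E4}'  # CATID_SafeForInitializing
$KillBit          = 0x400                                     # "do not load in IE" flag

# Native and 32-bit (WOW64) registry views; 32-bit controls live in the second.
$Views = @(
    @{ Name = 'native'; Clsid = 'HKLM:\SOFTWARE\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Name = 'wow64';  Clsid = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

function Get-SafeForScriptingControl {
    param([string]$ServerFilter = '*')   # assumed filter on the control's DLL/OCX path
    foreach ($view in $Views) {
        if (-not (Test-Path -LiteralPath $view.Clsid)) { continue }
        Get-ChildItem -LiteralPath $view.Clsid -ErrorAction SilentlyContinue | ForEach-Object {
            $scripting = $_.OpenSubKey("Implemented Categories\$SafeForScripting")
            if (-not $scripting) { return }          # not marked safe for scripting
            $scripting.Close()

            $inproc = $_.OpenSubKey('InprocServer32')
            $server = if ($inproc) { [string]$inproc.GetValue('') } else { '' }
            if ($server -notlike $ServerFilter) { return }

            $compatKey = Join-Path $view.Compat $_.PSChildName
            $flags = (Get-ItemProperty -LiteralPath $compatKey -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
            [pscustomobject]@{
                View        = $view.Name
                Clsid       = $_.PSChildName
                Server      = $server
                SafeForInit = [bool]$_.OpenSubKey("Implemented Categories\$SafeForInit")
                KillBitSet  = [bool]([int]$flags -band $KillBit)
            }
        }
    }
}

# Review every control flagged safe for scripting whose kill bit is not set.
Get-SafeForScriptingControl -ServerFilter '*SoMachine*' | Where-Object { -not $_.KillBitSet } | Format-Table -AutoSize
```

Running it with the default `-ServerFilter '*'` gives the full inventory of script-reachable controls on the host, which is useful as a baseline before and after applying the vendor patch.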
EXISTENCE OF EXPLOIT
No known public exploits specifically target this vulnerability.
Schneider Electric has released a patch that resolves the vulnerability. Schneider Electric’s patch is available at the following location: