Schneider Electric SoMachine HVAC

Schneider Electric SoMachine HVAC Unsafe ActiveX Control Vulnerability

CVE-2016-4529

An unsafe ActiveX control vulnerability in Schneider Electric’s SoMachine software affects the following versions:

  • SoMachine HVAC-Application Version 2.0.2 and previous.

IMPACT

Exploitation of this vulnerability may allow an attacker to remotely execute arbitrary code.

BACKGROUND

Schneider Electric’s corporate headquarters is located in Paris, France, and it maintains offices in more than 100 countries worldwide.

The affected product, SoMachine, is software for developing, configuring, and commissioning a machine in a single software environment, including logic, motion control, HMI, and related network automation functions.

VULNERABILITY

An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting.
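
A way to check engineering workstations for this condition, as an added example that is not part of the advisory or Schneider Electric's own tooling: the script lists COM classes registered under Microsoft's safe-for-scripting category and reports whether an Internet Explorer kill bit is already set for each. The advisory does not name the affected control's CLSID, so the script enumerates all registered classes; the `$PathFilter` variable is a hypothetical helper for narrowing the results.

```powershell
# Added example (not from the advisory): audit ActiveX controls marked safe-for-scripting.
# Limitation: a control that asserts safety only through IObjectSafety at run time
# has no registry marker and is not found by this check.

$SafeForScripting = '{7DD95801-9882-11CF-9FA9-00AA006C4327}'  # CATID_SafeForScripting
$KillBit          = 0x400                                     # kill-bit value in "Compatibility Flags"
$PathFilter       = '*'  # assumption: narrow to the install path on your hosts, e.g. '*SoMachine*'

# Native and 32-bit (WOW64) registry views: class registration and IE compatibility store
$Views = @(
    @{ Name   = 'native'
       Clsid  = 'HKLM:\SOFTWARE\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Name   = 'wow64'
       Clsid  = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

$Report = foreach ($View in $Views) {
    if (-not (Test-Path -LiteralPath $View.Clsid)) { continue }

    foreach ($Class in Get-ChildItem -LiteralPath $View.Clsid -ErrorAction SilentlyContinue) {
        $Clsid  = $Class.PSChildName
        $Marker = "$($View.Clsid)\$Clsid\Implemented Categories\$SafeForScripting"
        if (-not (Test-Path -LiteralPath $Marker)) { continue }

        # Binary that implements the control (in-process server), if registered
        $Server = (Get-ItemProperty -LiteralPath "$($View.Clsid)\$Clsid\InprocServer32" `
                       -ErrorAction SilentlyContinue).'(default)'
        if ($Server -notlike $PathFilter) { continue }

        # Kill bit lives under ActiveX Compatibility\<CLSID>, value "Compatibility Flags"
        $Flags = (Get-ItemProperty -LiteralPath "$($View.Compat)\$Clsid" `
                      -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'

        [pscustomobject]@{
            View       = $View.Name
            CLSID      = $Clsid
            Server     = $Server
            KillBitSet = (($Flags -band $KillBit) -ne 0)
        }
    }
}

# Controls still scriptable from a web page are the rows where KillBitSet is False
$Report | Sort-Object KillBitSet, Server | Format-Table -AutoSize
```

Rows with `KillBitSet` equal to `False` whose `Server` path belongs to the SoMachine installation are the ones to review until the vendor patch is applied.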

EXPLOITABILITY

This vulnerability could be exploited remotely.

EXISTENCE OF EXPLOIT

No known public exploits specifically target this vulnerability.

MITIGATION

Schneider Electric has released a patch that resolves the vulnerability. Schneider Electric’s patch is available at the following location: