VYPR

Somachine Hvac

by Schneider Electric

CVEs (4)

  • CVE-2019-6826HigSep 17, 2019
    risk 0.51cvss 7.8epss 0.01

    A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVAC v2.4.1 and earlier versions, which could cause arbitrary code execution on the system running SoMachine HVAC when a malicious DLL library is loaded by the product.

  • CVE-2016-4529HigJul 15, 2016
    risk 0.48cvss 7.3epss 0.05

    An unspecified ActiveX control in Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers before 2.1.0 allows remote attackers to execute arbitrary code via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag.

  • CVE-2017-7965HigJun 7, 2017
    risk 0.47cvss 7.3epss 0.00

    A buffer overflow vulnerability exists in Programming Software executable AlTracePrint.exe, in Schneider Electric's SoMachine HVAC v2.1.0 for Modicon M171/M172 Controller.

  • CVE-2022-2988MedJan 30, 2023
    risk 0.28cvss 4.3epss 0.00

    A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC (Versions prior to V2.1.0), EcoStruxure Machine Expert – HVAC (Versions…