CVE-2016-4529

Published: Jul 15, 2016Modified: May 6, 2026

7.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploitability: 3.9 / Impact: 3.4

Source: NVD

Description

An unspecified ActiveX control in Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers before 2.1.0 allows remote attackers to execute arbitrary code via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag.

Affected (1)

Products: Schneider Electric: Somachine Hvac Firmware

Schneider Electric

1 product

Somachine Hvac Firmware

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Schneider Electric Somachine Hvac Firmware	Up to 2.0.2

Running on/with	Platform Versions
Schneider Electric M171	All versions
Schneider Electric M172	All versions

References (8)

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2016-161-01

Source: ics-cert@hq.dhs.gov

PatchVendor Advisory

http://www.securityfocus.com/bid/91778

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryVDB Entry

http://www.zerodayinitiative.com/advisories/ZDI-16-440

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-16-196-03

Source: ics-cert@hq.dhs.gov

MitigationThird Party AdvisoryUS Government Resource

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2016-161-01

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/91778

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.zerodayinitiative.com/advisories/ZDI-16-440

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-16-196-03

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party AdvisoryUS Government Resource

Timeline

No history available yet.