CVE-2016-4529

Опубликовано: 15 июл. 2016

Источник: nvd

CVSS3: 7.3

CVSS2: 7.5

EPSS Низкий

Описание

An unspecified ActiveX control in Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers before 2.1.0 allows remote attackers to execute arbitrary code via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag.

Ссылки

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2016-161-01
Patch
Vendor Advisory
http://www.securityfocus.com/bid/91778
Third Party Advisory
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-16-440
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-16-196-03
Mitigation
Third Party Advisory
US Government Resource
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2016-161-01
Patch
Vendor Advisory
http://www.securityfocus.com/bid/91778
Third Party Advisory
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-16-440
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-16-196-03
Mitigation
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:h:schneider-electric:m171:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:m172:-:*:*:*:*:*:*:*

cpe:2.3:o:schneider-electric:somachine_hvac_firmware:*:*:*:*:*:*:*:*

Версия до 2.0.2 (включая)

EPSS

Процентиль: 89%

0.04299

Низкий

7.3 High

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-wh2j-cwv9-298v