Somachine Hvac CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2017-7965	1 Schneider-electric	1 Somachine Hvac	2025-04-20	7.3 High
A buffer overflow vulnerability exists in Programming Software executable AlTracePrint.exe, in Schneider Electric's SoMachine HVAC v2.1.0 for Modicon M171/M172 Controller.
CVE-2016-4529	1 Schneider-electric	3 M171, M172, Somachine Hvac Firmware	2025-04-12	7.3 High
An unspecified ActiveX control in Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers before 2.1.0 allows remote attackers to execute arbitrary code via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag.
CVE-2022-2988	1 Schneider-electric	2 Ecostruxure Machine Expert - Hvac, Somachine Hvac	2025-02-05	4.3 Medium
A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC (Versions prior to V2.1.0), EcoStruxure Machine Expert – HVAC (Versions prior to V1.4.0)
CVE-2019-6826	1 Schneider-electric	1 Somachine Hvac	2024-11-21	7.8 High
A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVAC v2.4.1 and earlier versions, which could cause arbitrary code execution on the system running SoMachine HVAC when a malicious DLL library is loaded by the product.

Page 1 of 1.