CVE-2016-4529 - OpenCVE

An unspecified ActiveX control in Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers before 2.1.0 allows remote attackers to execute arbitrary code via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Schneider-electric	M171 Somachine Hvac Firmware M172

Configuration 1 [-]

AND

OR	cpe:2.3:h:schneider-electric:m171:-:::::::*
	cpe:2.3:h:schneider-electric:m172:-:::::::*

cpe:2.3:o:schneider-electric:somachine_hvac_firmware:*:*:*:*:*:*:*:*

References

Link	Resource
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2016-161-01	Patch Vendor Advisory
http://www.securityfocus.com/bid/91778	Third Party Advisory VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-16-440	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-16-196-03	Mitigation Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2016-07-15T16:00:00

Updated: 2016-11-25T20:57:01

Reserved: 2016-05-05T00:00:00

Link: CVE-2016-4529

JSON object: View

NVD Information

Status : Analyzed

Published: 2016-07-15T16:59:10.347

Modified: 2022-02-03T14:25:19.803

Link: CVE-2016-4529

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-07-14T00:00:00", "descriptions": [{"lang": "en", "value": "An unspecified ActiveX control in Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers before 2.1.0 allows remote attackers to execute arbitrary code via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T20:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-440"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-196-03"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2016-161-01"}, {"name": "91778", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/91778"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-4529", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An unspecified ActiveX control in Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers before 2.1.0 allows remote attackers to execute arbitrary code via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-440", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-440"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-196-03", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-196-03"}, {"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2016-161-01", "refsource": "CONFIRM", "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2016-161-01"}, {"name": "91778", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91778"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-4529", "datePublished": "2016-07-15T16:00:00", "dateReserved": "2016-05-05T00:00:00", "dateUpdated": "2016-11-25T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:m171:-:*:*:*:*:*:*:*", "matchCriteriaId": "29592649-A25D-48E8-B023-1D30EF3F9CDD", "vulnerable": false}, {"criteria": "cpe:2.3:h:schneider-electric:m172:-:*:*:*:*:*:*:*", "matchCriteriaId": "EE703A75-552A-4D5D-BF61-B27E53794165", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:somachine_hvac_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E5E66AB-31A1-4E58-A174-6604C2A2A284", "versionEndIncluding": "2.0.2", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An unspecified ActiveX control in Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers before 2.1.0 allows remote attackers to execute arbitrary code via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag."}, {"lang": "es", "value": "Un control ActiveX no especificado en Schneider Electric SoMachine HVAC Programming Software para M171/M172 Controllers en versiones anteriores a 2.1.0 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos, relacionados con el indicador INTERFACESAFE_FOR_UNTRUSTED_CALLER (tambi\u00e9n conocido como secuencias de comandos para guardar)."}], "id": "CVE-2016-4529", "lastModified": "2022-02-03T14:25:19.803", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-07-15T16:59:10.347", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Patch", "Vendor Advisory"], "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2016-161-01"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/91778"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-440"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-196-03"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}