PT-2016-6003 · Schneider Electric · Somachine Hvac Programming

Andrea Micalizzi · Published 2016-07-15 · Updated 2022-02-03 · CVE-2016-4529

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers versions prior to 2.1.0

Description

The issue allows remote attackers to execute arbitrary code via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER flag. This is due to an unspecified ActiveX control in the software.

Recommendations

For versions prior to 2.1.0, update to version 2.1.0 or later to resolve the issue. As a temporary workaround, consider disabling the use of ActiveX controls until a patch is applied. Restrict access to the affected software to minimize the risk of exploitation.

Fix

Related Identifiers

CVE-2016-4529
ZDI-16-440

Affected Products

Somachine Hvac Programming