CVE-2016-4529 – Schneider Electric SoMachine HVAC AxEditGrid ActiveX Control SetDataIntf Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2016-4529

An unspecified ActiveX control in Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers before 2.1.0 allows remote attackers to execute arbitrary code via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag. Un control ActiveX no especificado en Schneider Electric SoMachine HVAC Programming Software para M171/M172 Controllers en versiones anteriores a 2.1.0 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos, relacionados con el indicador INTERFACESAFE_FOR_UNTRUSTED_CALLER (también conocido como secuencias de comandos para guardar). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric SoMachine HVAC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SetDataIntf method of the AxEditGrid control. The control has an untrusted pointer dereference vulnerability because it blindly calls an attacker-supplied memory address. • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2016-161-01 http://www.securityfocus.com/bid/91778 http://www.zerodayinitiative.com/advisories/ZDI-16-440 https://ics-cert.us-cert.gov/advisories/ICSA-16-196-03 •