Schneider-Electric Somachine Hvac vulnerabilities

CVE-2022-2988 [MEDIUM] CWE-787 CVE-2022-2988: A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage w A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC (Versions prior to V2.1.0), EcoStruxure Machine Expert – HVAC (Versions prior to V1.4.0)

CVE-2019-6826 [HIGH] CWE-426 CVE-2019-6826: A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVAC v2.4.1 and earlier versions, A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVAC v2.4.1 and earlier versions, which could cause arbitrary code execution on the system running SoMachine HVAC when a malicious DLL library is loaded by the product.

CVE-2017-7965 [HIGH] CWE-119 CVE-2017-7965: A buffer overflow vulnerability exists in Programming Software executable AlTracePrint.exe, in Schne A buffer overflow vulnerability exists in Programming Software executable AlTracePrint.exe, in Schneider Electric's SoMachine HVAC v2.1.0 for Modicon M171/M172 Controller.