Stack-based buffer overflow in SoMachine HVAC - CVE-2017-7965
Published: May 17, 2017 / Updated: May 18, 2017
Vulnerability identifier: #VU6600
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Clear
CVE-ID: CVE-2017-7965
CWE-ID: CWE-121
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Schneider Electric
Affected software:
SoMachine HVAC
Detailed vulnerability description
The vulnerability allows a local attacker to execute arbitrary code on the target system.
The weakness exists due to a stack-based buffer overflow when processing AlTracePrint.exe. A local attacker can call AlTracePrint.exe, trigger memory corruption and execute arbitrary code on the target system with administrator privileges.
Successful exploitation of this vulnerability may result in system compromise.
How to mitigate CVE-2017-7965
Update to version 2.2.