BetaIT-Hub is in early access — your feedback helps us improve. Use the chat or email [email protected]

News Vulnerability
VulnerabilityCISA·6d ago

Schnieider Electric EcoStruxure Machine Expert HVAC

p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-07.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong Schneider Electric is aware of a vulnerability in its EcostruxureTM Machine Expert HVAC product. The [EcostruxureTM Machine Expert HVAC](https://www.se.com/ww/en/download/document/EcoStruxureME_HVAC/) product is a programming software for Modicon M171-M172 logic controllers. Failure to apply the remediation provided below may risk in revealing sensitive information, which could result in disclosing protected source code, leading to loss of confidentiality. /strong /p p The following versions of Schnieider Electric EcoStruxure Machine Expert HVAC (SEVD-2026-132-01) are affected: /p ul li Ecostruxure™ Machine Expert HVAC vers lt;1.10.0 /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 5.5 /td td Schneider Electric /td td Schnieider Electric EcoStruxure Machine Expert HVAC (SEVD-2026-132-01) /td td Cleartext Storage of Sensitive Information /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Chemical, Critical Manufacturing, Energy, Water and Wastewater /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong France /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2026-6332 /a /h3 div class="csaf-accordion-content" p CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information which could result in revealing protected source code and loss of confidentiality, when an authorized attacker accesses the source code for editing or compiling it. /p p a href="https://www.cve.org/CVERecord?id=CVE-2026-6332" View CVE Details /a /p hr h4 Affected Products /h4 h5 Schnieider Electric EcoStruxure Machine Expert HVAC (SEVD-2026-132-01) /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br Schneider Electric /div div class="ics-version" strong Product Version: /strong br Ecostruxure™ Machine Expert HVAC Versions prior to 1.10.0 /div div class="ics-status" strong Product Status: /strong br fixed, known_affected /div /div div class="ics-remediations" h6 Remediations /h6 p strong Vendor fix /strong br Version 1.10.0 of Ecostruxure™ Machine Expert HVAC includes a fix for this vulnerability and is available for download here: https://www.se.com/ww/en/download/document/EcoStruxureME_HVAC_1_10_0/ nbsp; br a href="https://www.se.com/ww/en/download/document/EcoStruxureME_HVAC_1_10_0/"

Sign in to read the full article

Create a free account to access all news, downloads, and community features

Sign inCreate account

Originally published by CISA

Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-07

This article is shared for informational purposes. All rights belong to the original author and publisher. If you are the copyright holder and would like this content removed, please contact us.

Shared on IT-Hub by admin