Schneider Electric EcoStruxure Machine Expert HVAC
Summary
Schneider Electric has identified a vulnerability in its EcoStruxure Machine Expert HVAC software, specifically in versions prior to 1.10.0. This vulnerability, CVE-2026-6332, involves the cleartext storage of sensitive information, potentially leading to the disclosure of protected source code and a loss of confidentiality.
IFF Assessment
The disclosed vulnerability allows the theft of sensitive information and source code, which is detrimental to defenders.
Severity
The CVSS score of 5.5 indicates medium severity. This is because the vulnerability involves cleartext storage of sensitive information, which can lead to a loss of confidentiality if exploited by an authorized attacker accessing the source code.
Defender Context
Defenders should be aware of this vulnerability affecting critical infrastructure sectors like manufacturing, energy, and water systems. Promptly updating Schneider Electric's EcoStruxure Machine Expert HVAC software to version 1.10.0 or later is crucial to mitigate the risk of source code disclosure and potential downstream attacks.