Schneider Electric EcoStruxure Machine Expert HVAC Cleartext Storage Vulnerability Allowing Source Code Disclosure

Vulnerability

A cleartext storage of sensitive information vulnerability has been identified in Schneider Electric's EcoStruxure Machine Expert HVAC software, in versions prior to 1.10.0. It could lead to the unauthorized disclosure of protected source code: an authorized attacker could access the source code for editing or compilation, compromising confidentiality.

Impact

Exploitation of this vulnerability could result in the unauthorized disclosure of protected source code, leading to a loss of confidentiality.

Remediation

Users of EcoStruxure Machine Expert HVAC should upgrade to version 1.10.0, which includes a fix for this vulnerability. Version 1.10.0 is available for download from the Schneider Electric website.

Added: May 14, 2026, 6:32 PM
Updated: May 14, 2026, 6:32 PM

Vulnerability Rating

Custom Algorithm
spread: 2.4
impact: 2.5
exploitability: 3.3
remediation: 7.7
relevance: 8.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.