A vulnerability has been identified in **Schneider Electric**'s EcoStruxure™ Machine Expert HVAC, a programming software used for **Modicon** M171-M172 logic controllers. Failure to apply the necessary remediation steps could expose sensitive information, potentially leading to the disclosure of protected source code and a subsequent loss of confidentiality. [View CSAF](https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-07.json) ## Affected Products The vulnerability affects the following versions: * EcoStruxure™ Machine Expert HVAC versions prior to 1.10.0 ### Vulnerability Details | CVSS | Vendor | Equipment | Vulnerabilities | | :----- | :----------------- | :------------------------------------------------------------------------ | :----------------------------------------------------- | | v3 5.5 | Schneider Electric | Schnieider Electric EcoStruxure Machine Expert HVAC (SEVD-2026-132-01) | Cleartext Storage of Sensitive Information | ### Background * **Critical Infrastructure Sectors:** Chemical, Critical Manufacturing, Energy, Water and Wastewater * **Countries/Areas Deployed:** Worldwide * **Company Headquarters Location:** France --- ## Vulnerabilities ### **CVE-2026-6332**: Cleartext Storage of Sensitive Information This vulnerability (CWE-312) allows for the disclosure of sensitive information, potentially leading to the revelation of protected source code and a loss of confidentiality. This can occur when an authorized attacker gains access to the source code for editing or compiling. [View CVE Details](https://www.cve.org/CVERecord?id=CVE-2026-6332) --- #### Affected Products **Schnieider Electric EcoStruxure Machine Expert HVAC (SEVD-2026-132-01)** * **Vendor:** Schneider Electric * **Product Version:** Ecostruxure™ Machine Expert HVAC Versions prior to 1.10.0 * **Product Status:** fixed, known_affected * **Relevant CWE:** [CWE-312 Cleartext Storage of Sensitive Information](https://cwe.mitre.org/data/definitions/312.html) --- ## Recommendations **Schneider Electric** and **CISA** recommend the following security best practices to mitigate the risk: * Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. * Install physical controls to prevent unauthorized personnel from accessing industrial control and safety systems. * Place all controllers in locked cabinets and avoid leaving them in "Program" mode. * Never connect programming software to any network other than the intended network for that device. * Scan all methods of mobile data exchange (CDs, USB drives, etc.) before use in terminals connected to these networks. * Minimize network exposure for all control system devices and ensure they are not accessible from the Internet. * When remote access is required, use secure methods, such as Virtual Private Networks (**VPNs**). Ensure VPNs are updated to the most current version. For more detailed information, refer to the **Schneider Electric** [Recommended Cybersecurity Best Practices](https://www.se.com/us/en/download/document/7EN52-0390/) document. --- ## Further Information For more details and assistance on protecting your installation, contact your local **Schneider Electric** representative or **Schneider Electric** Industrial Cybersecurity Services: [https://www.se.com/ww/en/work/solutions/cybersecurity/](https://www.se.com/ww/en/work/solutions/cybersecurity/). For further information related to cybersecurity in **Schneider Electric**'s products, visit the company's cybersecurity support portal page: [https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp](https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp)