ICSA-26-148-07 · Published 2026-05-20 · View on CISA ICS-CERT ↗

Schnieider Electric EcoStruxure Machine Expert HVAC (SEVD-2026-132-01)

CVSS 5.5 MEDIUM

Risk Summary

Schneider Electric is aware of a vulnerability in its EcostruxureTM Machine Expert HVAC product. The [EcostruxureTM Machine Expert HVAC](https://www.se.com/ww/en/download/document/EcoStruxureME_HVAC/) product is a programming software for Modicon M171-M172 logic controllers. Failure to apply the remediation provided below may risk in revealing sensitive information, which could result in disclosing protected source code, leading to loss of confidentiality.

CVEs (1)

CVE-2026-6332

Remediations

Version 1.10.0 of Ecostruxure™ Machine Expert HVAC includes a fix for this vulnerability and is available for download here: https://www.se.com/ww/en/download/document/EcoStruxureME_HVAC_1_10_0/

Affected Vendors

Schneider Electric

Affected Products (2)

Schneider Electric · Ecostruxure™ Machine Expert HVAC vers:intdot/<1.10.0

Schneider Electric · Ecostruxure™ Machine Expert HVAC 1.10.0

Affected Sectors

Chemical, Critical Manufacturing, Energy, Water and Wastewater

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more