HomeIntelligenceBrief
VULNERABILITY BRIEF🟡 Medium Vulnerability

Cleartext Storage Vulnerability (CVE‑2026‑6332) in Schneider Electric EcoStruxure Machine Expert HVAC Exposes Source Code

Schneider Electric disclosed CVE‑2026‑6332, a cleartext storage flaw in EcoStruxure Machine Expert HVAC (versions < 1.10.0). Attackers with file‑system access can read proprietary PLC source code, creating a confidentiality risk for critical‑infrastructure operators and their supply chains.

LiveThreat™ Intelligence · 📅 May 28, 2026· 📰 cisa.gov
🟡
Severity
Medium
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
5 recommended
📰
Source
cisa.gov

Cleartext Storage Vulnerability (CVE‑2026‑6332) in Schneider Electric EcoStruxure Machine Expert HVAC Exposes Source Code

What It Is — Schneider Electric’s EcoStruxure Machine Expert HVAC programming suite (versions < 1.10.0) stores controller source code in cleartext. An authorized attacker who gains file‑system access can read the proprietary logic, compromising confidentiality.

Exploitability — No public exploit code is known, but the flaw is trivial to verify once file access is obtained. CVSS v3.1 5.5 (Moderate).

Affected Products — EcoStruxure Machine Expert HVAC (SEVD‑2026‑132‑01) for Modicon M171/M172 PLCs, all releases prior to 1.10.0.

TPRM Impact — Many industrial operators rely on this tool to develop and maintain control logic for critical infrastructure (chemical, energy, water, manufacturing). A breach of source code can:

  • Reveal proprietary process algorithms, enabling competitive espionage or sabotage.
  • Provide an attacker with a blueprint for future control‑system attacks downstream in the supply chain.

Recommended Actions

  • Immediately upgrade to EcoStruxure Machine Expert HVAC ≥ 1.10.0.
  • Apply Schneider‑provided remediation patches (SEVD‑2026‑132‑01).
  • Audit file‑system permissions on workstations and servers storing .ME files; enforce least‑privilege and encryption at rest.
  • Conduct a review of all third‑party contracts that depend on this software and require proof of remediation.
  • Monitor for anomalous access to PLC source‑code repositories.

Source: CISA Advisory – ICSA‑26‑148‑07

📰 Original Source
https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-07

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →