The document highlights a vulnerability in Schneider Electric ProClima software that could allow an attacker to execute arbitrary code or cause a denial of service through crafted project files. The vulnerability stems from improper validation of user-supplied input, which makes it possible for an attacker to exploit it remotely without authentication. Schneider Electric has released an update to address the vulnerability, advising users to update to the latest version of ProClima software.

Vulnerability in Schneider Electric ProClima software

The document also provides recommendations for users to mitigate the risk, such as restricting access to the application and monitoring network traffic for signs of malicious activity.
https://www.cert.ssi.gouv.fr/pdf/CERTFR-2024-AVI-0357.pdf