CISA has published an advisory on code injection, improper restriction of operations within the bounds of a memory buffer, and uncontrolled search path element vulnerabilities in Schneider Electric ProClima. Successful exploitation of these vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. All versions prior to 8.0.0 are affected. Schneider Electric has released Version 8.0.0 of ProClima and recommends users upgrade to this version or newer. Additionally, CISA recommends a list of actions to mitigate this vulnerability. Read the advisory at CISA.