Schneider Electric Pro-face GP-Pro EX
Plan Patch | 7.2 | ICS-CERT ICSA-17-215-01 | Aug 3, 2017
Attack Vector: Local
Auth Required: Low
Complexity: High
User Interaction: Required
Summary
GP-Pro EX versions up to 4.07.000 contain an improper verification of code signatures (CWE-427) that allows a user with local access to the engineering workstation to escalate privileges and execute arbitrary code with higher permissions. This could enable modification of HMI project files or extraction of sensitive configuration data from the engineering environment. Public exploits are available.
What this means
What could happen
A low-privilege user on the engineering workstation running GP-Pro EX could execute malicious code with elevated privileges, potentially allowing modification of HMI projects that control plant operations or data exfiltration from the workstation.
Who's at risk
Energy utilities operating Schneider Electric Pro-face GP-Pro EX HMI engineering software should prioritize this update. The vulnerability affects engineers and operators who use the software to configure and modify control logic for SCADA and process automation systems. Any facility using GP-Pro EX for critical control applications (generation, distribution, or grid management) is in scope.
How it could be exploited
An attacker with a user account on the engineering workstation could exploit a privilege escalation vulnerability in GP-Pro EX. By crafting a malicious file or interaction that leverages improper code signing verification (CWE-427), the attacker could execute arbitrary code with higher privileges, affecting the integrity of HMI configurations or control logic sent to field devices.
Prerequisites
- Local user account on the engineering workstation running GP-Pro EX
- User interaction to open or process a malicious file or trigger the vulnerability
- GP-Pro EX version 4.07.000 or earlier installed
privilege escalation vulnerability | local exploitation required | low complexity to exploit | public exploits available | affects engineering workstations that configure critical systems | improper code signing
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
GP Pro EX | 4.07.000 | 4.07.100 or later
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update GP-Pro EX to version 4.07.100 or newer
Long-term hardening
HARDENING: Restrict user access to the engineering workstation to authorized personnel only and enforce principle of least privilege for local accounts
HARDENING: Monitor engineering workstations for unexpected code execution or privilege escalation attempts
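To track the update across a fleet of engineering workstations, the check below flags inventory entries older than the fixed release 4.07.100. It is an added example, not part of the advisory or of any vendor tooling; the CSV layout, the host names and the assumption that the three version fields compare numerically are constructed for illustration.

```python
import csv
import io

# First fixed release named in the advisory (4.07.100), as numeric fields.
FIXED = (4, 7, 100)

# Constructed inventory export; host names and CSV layout are assumptions.
SAMPLE_INVENTORY = """host,version
eng-ws-01,4.07.000
eng-ws-02,4.07.100
eng-ws-03,4.06.200
eng-ws-04,4.08.000
eng-ws-05,
eng-ws-06,4.07
"""


def parse_version(text):
    """Parse 'major.minor.build' (e.g. '4.07.000') into ints, or None if malformed."""
    parts = (text or "").strip().split(".")
    if len(parts) != 3 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def triage(inventory_csv):
    """Map each host to 'vulnerable', 'fixed' or 'unknown'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row.get("version"))
        if version is None:
            # Never count an unreadable version as patched: check it by hand.
            results[row["host"]] = "unknown"
        elif version < FIXED:
            results[row["host"]] = "vulnerable"
        else:
            results[row["host"]] = "fixed"
    return results


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" have a missing or incomplete version string and should be verified on the workstation itself before being closed out.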
CVEs (1)