OTPulse

Schneider Electric Pro-face GP-Pro EX

Act Now · 9 · ICS-CERT ICSA-19-003-01 · Jan 3, 2019
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: Required
Summary

Schneider Electric Pro-face GP-Pro EX contains an input validation vulnerability (CWE-20) that allows an attacker to modify code and launch an arbitrary executable when the program starts. It affects versions 4.08 and earlier. Exploitation requires user interaction (the program must be launched after the code is modified) and valid credentials to access the engineering environment.

What this means
What could happen
An attacker with access to the GP-Pro EX engineering workstation could inject malicious code that executes automatically when the application launches, potentially gaining control of operator interface logic and the devices it controls. This could allow manipulation of process setpoints, alarms, or shutdown commands affecting production or safety.
Who's at risk
Energy sector organizations and utilities that use Schneider Electric Pro-face GP-Pro EX operator interface software for HMI/SCADA monitoring and control. The vulnerability affects both the engineering workstations used to build and modify interfaces and the runtime systems that execute those interfaces. It is particularly relevant for utilities managing critical process control workflows.
How it could be exploited
An attacker who has gained valid credentials for the GP-Pro EX engineering environment (or compromises an engineering workstation) modifies project code to inject a malicious executable. When an operator or engineer launches the GP-Pro EX application, the injected code runs with the privileges of the GP-Pro EX process, allowing command execution on the workstation and potential lateral movement to connected control devices.
Prerequisites
  • Valid credentials or access to GP-Pro EX engineering workstation
  • Ability to modify project files before application launch
  • User must launch the affected application for payload to execute
high CVSS (9.0) · user interaction required for exploitation · affects operator interface engineering tool · no public exploits currently known
Exploitability
Moderate exploit probability (EPSS 1.0%)
Affected products (1)
Product | Affected Versions | Fix Status
Pro-face GP-Pro EX | ≤ 4.08 | 4.08.200
Remediation & Mitigation
Do now
HARDENING: Restrict network access to engineering workstations running GP-Pro EX; do not allow direct Internet connectivity
HARDENING: Implement firewall rules to isolate GP-Pro EX engineering and runtime systems from business network
HARDENING: Enforce access controls and credential management for GP-Pro EX project files and engineering workstations
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Pro-face GP-Pro EX to version 4.08.200 or later
Long-term hardening
WORKAROUND: If remote access to engineering environment is required, route through VPN with current security updates