Schneider Electric System Monitor Application in Harmony and Pro-face PS5000 Legacy Industrial PCs
Act Now | CVSS 9.8 | ICS-CERT ICSA-25-030-03 | Oct 8, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A vulnerability in the System Monitor application for Schneider Electric Harmony Industrial PC and Pro-face PS5000 legacy industrial PC series allows remote code execution without authentication. The vulnerability can lead to denial of service, unauthorized access to sensitive information, and integrity issues affecting plant operations. All versions of the System Monitor application are affected. No vendor patch is available; the only remediation is uninstallation of the vulnerable application.
What this means
What could happen
An attacker could remotely execute code on your Harmony or Pro-face PS5000 industrial PC without any authentication, potentially allowing them to modify process data, stop operations, or steal sensitive information from your control system.
Who's at risk
Energy and manufacturing facilities using Harmony Industrial PC or Pro-face PS5000 legacy industrial PCs with the System Monitor application installed should be concerned. These devices often run critical automation and process control functions; compromise could disrupt production or safety-critical operations.
How it could be exploited
An attacker on your network sends a specially crafted request to the System Monitor application listening on the industrial PC. The application fails to properly validate the request, allowing the attacker to execute arbitrary code and gain full control of the PC and any devices it manages.
Prerequisites
- Network access to the System Monitor application port on the Harmony or Pro-face PS5000 industrial PC
- System Monitor application must be installed and running on the device
remotely exploitable, no authentication required, low complexity, high CVSS score (9.8), no patch available, affects critical control systems
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (2)
1 pending, 1 EOL
Product | Affected Versions | Fix Status
System Monitor application in Harmony Industrial PC All Versions | All versions | No fix (EOL)
System Monitor application in Pro-face Industrial PC All Versions | All versions | No fix yet
Remediation & Mitigation
Do now
- WORKAROUND: Uninstall System Monitor application from all Harmony Industrial PC units using the uninstaller available from Schneider Electric's download portal (https://www.se.com/ww/en/product-range/61054-harmony-industrial-pc/#software-and-firmware)
- WORKAROUND: Uninstall System Monitor application from all Pro-face PS5000 industrial PCs using the uninstaller available from Pro-face (https://www.proface.com/en/product/ipc/ps5000/download)
- HARDENING: Back up configuration and data before uninstalling System Monitor application; test uninstallation in offline test environment first
- HARDENING: If System Monitor cannot be uninstalled, isolate affected industrial PCs from the network using network segmentation or firewall rules to block access to the System Monitor ports
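One way to check that the isolation fallback above actually holds, as an added example that is not from the vendor or from this advisory: a first-match evaluation of a constructed firewall rule list, showing how a broad allow rule placed ahead of the deny leaves the System Monitor port reachable. The port number, addresses and rule format are assumptions; the advisory does not state the port.

```python
import ipaddress

# Hypothetical placeholder: the advisory does not state the System Monitor port.
SYSTEM_MONITOR_PORT = 50000
IPC_ADDR = "10.50.1.10"  # constructed address of one affected industrial PC

# Constructed sample ACL, evaluated top-down, first match wins.
# Rule fields: (action, source CIDR, destination CIDR, port or None for any port)
SAMPLE_ACL = [
    ("allow", "10.20.0.0/16", "10.50.1.0/24", None),  # broad plant-to-cell rule
    ("deny", "0.0.0.0/0", "10.50.1.10/32", SYSTEM_MONITOR_PORT),
    ("allow", "0.0.0.0/0", "10.50.1.0/24", 443),
]
# Same rules with the specific deny moved ahead of the broad allow.
HARDENED_ACL = [SAMPLE_ACL[1], SAMPLE_ACL[0], SAMPLE_ACL[2]]


def first_match(acl, src, dst, port, default="deny"):
    """Return (action, rule_index) of the first rule matching the flow."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (action, src_net, dst_net, rule_port) in enumerate(acl):
        if (s in ipaddress.ip_network(src_net)
                and d in ipaddress.ip_network(dst_net)
                and rule_port in (None, port)):
            return action, i
    # No rule matched: fall back to the firewall's default policy.
    return default, None


def exposed_sources(acl, ipc_addr, port, probe_sources, default="deny"):
    """List the probe sources that can still reach the IPC on the given port."""
    return [src for src in probe_sources
            if first_match(acl, src, ipc_addr, port, default)[0] == "allow"]


if __name__ == "__main__":
    probes = ["10.20.5.7", "192.168.1.5"]  # constructed plant and office hosts
    for name, acl in (("sample", SAMPLE_ACL), ("hardened", HARDENED_ACL)):
        left = exposed_sources(acl, IPC_ADDR, SYSTEM_MONITOR_PORT, probes)
        print(f"{name}: still exposed to {left or 'nobody'}")
```
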
CVEs (1)