Schneider Electric System Monitor Application in Harmony and Pro-face PS5000 Legacy Industrial PCs
Plan Patch | CVSS 9.8 | ICS-CERT ICSA-25-030-03 | Oct 8, 2024
Schneider Electric | Energy | Manufacturing
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A vulnerability in the System Monitor application on Schneider Electric Harmony Industrial PC Series and Pro-face PS5000 legacy industrial PCs allows an attacker to disclose sensitive information, modify data, or cause denial of service. The application improperly handles access control, potentially exposing process parameters and configuration data, and could lead to operational failures if System Monitor is relied upon for critical process control or safety monitoring.
What this means
What could happen
An attacker with network access could read, modify, or intercept sensitive information from the industrial PC and potentially disrupt plant operations. If the System Monitor controls critical process logic or safety functions, manipulation of its data could lead to process failures or unsafe conditions.
Who's at risk
Operators and engineers at energy and manufacturing facilities using Harmony Industrial PC Series or Pro-face PS5000 legacy industrial PCs with the System Monitor application installed should take immediate action. This affects any site using these iPCs for process monitoring, HMI, or data collection in critical infrastructure.
How it could be exploited
An attacker on the network where the Harmony or Pro-face industrial PC is reachable sends a specially crafted request to the System Monitor application. The application fails to properly validate or control access to sensitive data, allowing the attacker to read process parameters, modify configuration, or disrupt the monitoring function without needing credentials or user interaction.
Prerequisites
- Network access to the industrial PC on which System Monitor is installed
- System Monitor application must be running
- No authentication required
Tags: remotely exploitable, no authentication required, low complexity, affects industrial systems, no patch available, vendor product unsupported
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (2)
1 pending, 1 EOL
Product | Affected Versions | Fix Status
System Monitor application in Harmony Industrial PC All Versions | All versions | No fix (EOL)
System Monitor application in Pro-face Industrial PC All Versions | All versions | No fix yet
Remediation & Mitigation
Do now
- WORKAROUND: Uninstall the System Monitor application from all Harmony Industrial PC and Pro-face PS5000 systems using the uninstaller available from Schneider Electric and Pro-face download pages
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
- HARDENING: Test the uninstaller in a lab or offline environment first to confirm it does not disrupt critical monitoring or control functions before deploying to production systems
- HARDENING: Restrict network access to industrial PCs running System Monitor by implementing firewall rules to block inbound traffic from untrusted networks
Long-term hardening
- WORKAROUND: If uninstallation is not feasible, disable or isolate the System Monitor application and replace its functionality with an alternative monitoring solution that is actively maintained
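To support the uninstall and firewall steps above, the following added example (not part of the advisory or any Schneider Electric tooling) audits one Windows industrial PC: it checks whether the application is still installed and which TCP ports its processes listen on. The DisplayName pattern is an assumption, as is the availability of PowerShell 3+ and the NetTCPIP module on the host.

```powershell
# Added example: audit one Windows industrial PC for a System Monitor install.
# Assumption: the product registers an uninstall entry whose DisplayName
# contains "System Monitor"; adjust $NamePattern to the name shown on the host.
param([string]$NamePattern = '*System Monitor*')

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# 1. Is the application still installed?
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $NamePattern } |
    Select-Object DisplayName, DisplayVersion, InstallLocation, UninstallString

if (-not $installed) {
    Write-Output "No installed product matches '$NamePattern'."
    return
}
$installed | Format-List

# 2. Which running processes were started from that install directory?
#    Run elevated, otherwise Path is empty for processes of other users.
$dirs = $installed.InstallLocation | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }
$procs = Get-Process | Where-Object {
    $path = $_.Path
    $path -and ($dirs | Where-Object { $path.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
}

# 3. Which TCP ports do those processes listen on, and on which addresses?
#    A listener on 0.0.0.0 or :: is reachable from the network unless a
#    firewall rule blocks it; these are the ports the inbound rules must cover.
$procIds = @($procs.Id)
$listeners = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $procIds -contains $_.OwningProcess } |
    Select-Object LocalAddress, LocalPort, OwningProcess,
        @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess).ProcessName } }

if ($listeners) { $listeners | Sort-Object LocalPort | Format-Table -AutoSize }
else { Write-Output 'Installed, but no matching process is listening on TCP.' }
```

On older images without Get-NetTCPConnection, `netstat -ano` gives the same listener-to-PID mapping.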
CVEs (1)