Schneider Electric Pro-face GP-Pro EX and Remote HMI (Update A)
Plan PatchCVSS 7.1ICS-CERT ICSA-25-035-07Jan 14, 2025
Schneider ElectricEnergyManufacturing
Attack path
Attack VectorNetwork
Auth RequiredNone
ComplexityHigh
User InteractionRequired
Summary
Schneider Electric Pro-face GP-Pro EX and Remote HMI contain vulnerabilities that allow Man-in-the-Middle attacks on the communication channel between the Remote HMI mobile app and the HMI server. An attacker intercepting this unencrypted traffic could disclose sensitive process information, modify operational parameters, or cause operational failures. The Pro-face GP-Pro EX is HMI screen editor and logic programming software; Pro-face Remote HMI is a mobile monitoring application for tablets and smartphones. Pro-face GP-Pro EX versions prior to 5.00.100 and Pro-face Remote HMI versions prior to 1.70.000 are vulnerable. Vulnerable products should be updated immediately, or Remote HMI should be disabled if not in use. Remote access should be protected by VPN encryption.
What this means
What could happen
An attacker could intercept unencrypted communication between the Pro-face Remote HMI mobile app and the HMI server, allowing them to view sensitive process information or modify operational parameters and setpoints, potentially disrupting production or affecting safety systems.
Who's at risk
Manufacturing facilities, utilities, and energy providers using Pro-face GP-Pro EX for HMI screen design and logic programming, particularly those who have enabled the Pro-face Remote HMI feature for mobile device monitoring of equipment. Any organization using smartphone or tablet-based remote monitoring of industrial control systems is affected.
How it could be exploited
An attacker positioned on the same network as the HMI devices (or on the internet if the HMI server is exposed) can perform a Man-in-the-Middle attack by intercepting the unencrypted communication channel between the Pro-face Remote HMI app and the Pro-face GP-Pro EX server. The attacker can then read sensitive data or inject malicious commands into the control system.
Prerequisites
Network access to the communication path between Pro-face Remote HMI and Pro-face GP-Pro EX (local network or internet if exposed)
Pro-face Remote HMI feature must be enabled in GP-Pro EX
Remote HMI app must be actively communicating with the server
remotely exploitablelow complexity attackaffects monitoring and control systemsdefault configuration may be insecure if Remote HMI is enabled
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (2)
2 with fix
ProductAffected VersionsFix Status
Pro-face GP-Pro EX<5.00.1005.00.100
Pro-face Remote HMI<1.70.0001.70.000
Remediation & Mitigation
0/7
Do now
0/3
Pro-face Remote HMI
WORKAROUNDDisable Pro-face Remote HMI feature in GP-Pro EX if remote access is not required
HARDENINGSet a strong connection password in Pro-face Remote HMI settings
All products
WORKAROUNDDeploy Pro-face Connect or another VPN solution to encrypt communication between Remote HMI and GP-Pro EX
Schedule — requires maintenance window
0/2
Patching may require device reboot — plan for process interruption
Pro-face GP-Pro EX
HOTFIXUpdate Pro-face GP-Pro EX to version 5.00.100 or later
Pro-face Remote HMI
HOTFIXUpdate Pro-face Remote HMI app to version 1.70.000 or later from Apple App Store or Google Play Store
Long-term hardening
0/2
Pro-face GP-Pro EX
HARDENINGDo not expose Pro-face GP-Pro EX or Remote HMI servers to the internet; require VPN access for remote monitoring
All products
HARDENINGIsolate the HMI server and all control system devices from the business network using firewalls