Schneider Electric Pro-face GP-Pro EX and Remote HMI (Update A)
Plan Patch7.1ICS-CERT ICSA-25-035-07Jan 14, 2025
Attack VectorNetwork
Auth RequiredNone
ComplexityHigh
User InteractionRequired
Summary
Schneider Electric Pro-face GP-Pro EX (HMI screen editor and logic programming software) and Pro-face Remote HMI (remote monitoring app for mobile devices) contain vulnerabilities that allow man-in-the-middle attacks on communications between the software and remote monitoring clients. The vulnerability occurs because communication is not adequately encrypted or protected. An attacker positioned on the network between the HMI software and remote monitoring app could intercept and potentially modify control data or steal process information. Pro-face GP-Pro EX versions before 5.00.100 and Pro-face Remote HMI versions before 1.70.000 are affected.
What this means
What could happen
An attacker could intercept unencrypted communication between Pro-face HMI software and remote monitoring apps, allowing them to read sensitive process data, modify control commands, or disrupt operations. This risk applies primarily when the Remote HMI feature is enabled and used without additional encryption.
Who's at risk
Water authorities and municipal utilities using Schneider Electric Pro-face HMI software for supervisory control and monitoring should prioritize this. Facilities using the Remote HMI mobile app for engineers to monitor equipment remotely (e.g., checking PLC status, setpoints, or alerts from tablets or phones) are at highest risk. Manufacturing plants and energy providers with remote monitoring capabilities are also affected.
How it could be exploited
An attacker on the network path between a Pro-face GP-Pro EX installation and a Remote HMI mobile client (or between the GP-Pro EX and Remote HMI servers) can perform a man-in-the-middle attack to intercept plaintext or weakly protected communications. This requires the attacker to have network access between the two systems (e.g., on the same Wi-Fi, compromised router, or ISP level).
Prerequisites
- Network position between the HMI software and remote monitoring app or servers (same Wi-Fi, compromised router, or ISP-level access)
- Pro-face Remote HMI feature enabled on GP-Pro EX
- Remote HMI app in use without additional VPN or encryption layer
remotely exploitableno authentication requiredlow complexity attack (man-in-the-middle)affects integrity and confidentiality of operational datacould allow operational interferencedefault configuration may be insecure
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (2)
2 with fix
ProductAffected VersionsFix Status
Pro-face GP-Pro EX<5.00.1005.00.100
Pro-face Remote HMI<1.70.0001.70.000
Remediation & Mitigation
0/8
Do now
0/3Pro-face Remote HMI
WORKAROUNDIf using Pro-face Remote HMI, enable Pro-face Connect VPN or equivalent VPN solution to encrypt all communication between the Remote HMI app and GP-Pro EX
WORKAROUNDSet a strong connection password for Pro-face Remote HMI (see GP-Pro EX V4.0 Reference Manual, Remote Viewer section)
WORKAROUNDIf Remote HMI is not required, disable the Pro-face Remote HMI feature in GP-Pro EX (disabled by default; verify in Pro-face Remote HMI Settings)
Schedule — requires maintenance window
0/2Patching may require device reboot — plan for process interruption
Pro-face GP-Pro EX
HOTFIXUpdate Pro-face GP-Pro EX to version 5.00.100 or later
Pro-face Remote HMI
HOTFIXUpdate Pro-face Remote HMI to version 1.70.000 or later via Apple App Store or Google Play Store
Long-term hardening
0/3Pro-face GP-Pro EX
HARDENINGRestrict Pro-face GP-Pro EX and Remote HMI systems to trusted networks only
All products
HARDENINGPlace HMI systems behind firewalls and isolate control system networks from business networks
HARDENINGDisable direct internet access to HMI systems and use VPN for all remote access
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/e7a534b0-d73e-40dd-b71f-a8ce8b3c74a8