OTPulse

Schneider Electric System Monitor Application

Act Now · 6.9 · ICS-CERT ICSA-25-203-05 · Jul 8, 2025
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: Required
Summary

A cross-site scripting (XSS) vulnerability in the System Monitor application affects Harmony Industrial PC and Pro-face PS5000 industrial PC Series. The vulnerability allows injection of untrusted code that could execute in the context of authenticated users, risking operational failures and unauthorized system modifications. No patch is available from the vendors; mitigation requires uninstalling the application or restricting network access to it.

What this means
What could happen
An attacker could inject malicious code into the System Monitor application on Harmony or Pro-face industrial PCs, potentially executing arbitrary commands that disrupt process monitoring and control operations.
Who's at risk
This affects energy and manufacturing facilities using Harmony Industrial PC or Pro-face PS5000 industrial PCs (iPCs) that have the System Monitor application installed. System Monitor is used for process monitoring and performance visibility. Anyone relying on these industrial PCs for real-time process oversight should assess their exposure immediately.
How it could be exploited
An attacker with network access sends a specially crafted request (likely HTML/JavaScript injection) to the System Monitor web interface. If a user clicks a malicious link or visits a compromised page while logged into the application, the injected code runs in their browser context, potentially allowing the attacker to perform actions on the industrial PC including modifying monitoring settings or accessing sensitive configuration data.
Prerequisites
  • Network access to the System Monitor application on port 80/443 (HTTP/HTTPS)
  • User interaction required: an operator or engineer must click a malicious link or visit a compromised web page while authenticated to System Monitor
Remotely exploitable · User interaction required · Actively exploited (KEV) · High EPSS score (36.9%) · No patch available · Cross-site scripting (XSS) vulnerability
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (2)
1 pending · 1 EOL
Product                  Affected Versions   Fix Status
Pro-face Industrial PC   All versions        No fix yet
Harmony Industrial PC    All versions        No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Uninstall the System Monitor application from affected Harmony Industrial PC and Pro-face PS5000 systems using the uninstaller available from the vendor download pages
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: If System Monitor functionality is required, implement network segmentation and firewall rules to restrict access to the System Monitor web interface (port 80/443) only from authorized engineering workstations
HARDENING: Monitor and log all access to the System Monitor application to detect suspicious activity
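As an added example (not from the advisory or the vendor), a small log-review script that applies the two hardening items above: it flags System Monitor web requests arriving from outside an allowlist of engineering-workstation subnets, and requests whose URL carries reflected-script indicators. The log format, URL paths, subnets and log lines are constructed assumptions, not real captures from the product.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumed allowlist of engineering-workstation subnets; adjust to your site.
AUTHORIZED_SOURCES = [ipaddress.ip_network("10.10.5.0/24")]

# Constructed access-log lines (Common Log Format); paths are hypothetical.
SAMPLE_LOG = """\
10.10.5.21 - eng1 [08/Jul/2025:09:12:01 +0000] "GET /monitor/status HTTP/1.1" 200 512
10.10.7.44 - - [08/Jul/2025:09:13:40 +0000] "GET /monitor/status HTTP/1.1" 200 512
10.10.5.22 - eng2 [08/Jul/2025:09:15:07 +0000] "GET /monitor/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 900
192.0.2.9 - - [08/Jul/2025:09:16:30 +0000] "POST /monitor/config?name=x%22%20onerror%3D%22img HTTP/1.1" 403 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Markers of HTML/JavaScript injection in a request URL (case-insensitive).
XSS_INDICATORS = re.compile(r"<\s*script|javascript\s*:|\bon[a-z]+\s*=", re.IGNORECASE)


def source_authorized(ip: str) -> bool:
    """True when the client address falls inside an allowlisted subnet."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in AUTHORIZED_SOURCES)


def review_line(line: str):
    """Parse one log line and return its findings, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    findings = []
    if not source_authorized(m["ip"]):
        findings.append("unauthorized-source")
    # Decode twice so double-encoded markers (e.g. %253C) are also caught.
    if XSS_INDICATORS.search(unquote(unquote(m["path"]))):
        findings.append("xss-indicator")
    return {"ip": m["ip"], "user": m["user"], "path": m["path"], "findings": findings}


def review_log(text: str):
    """Return only the parsed entries that triggered at least one finding."""
    return [r for r in (review_line(l) for l in text.splitlines()) if r and r["findings"]]


if __name__ == "__main__":
    for hit in review_log(SAMPLE_LOG):
        print(hit["ip"], hit["user"], hit["path"], ", ".join(hit["findings"]))
```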