Schneider Electric System Monitor Application

Act NowCVSS 6.9ICS-CERT ICSA-25-203-05Jul 8, 2025

Schneider ElectricEnergyManufacturing

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityHigh

User InteractionRequired

Summary

Schneider Electric System Monitor application in Harmony Industrial PC and Pro-face PS5000 legacy industrial PC series contains a cross-site scripting (XSS) vulnerability (CWE-79) that could allow an attacker to execute untrusted code on affected systems. The vulnerability requires user interaction but could compromise process control operations if exploited. Affected products include all versions of Pro-face Industrial PC and Harmony Industrial PC with System Monitor installed. No vendor patch is available; remediation requires uninstalling the vulnerable application or restricting its network access.

What this means

What could happen

An attacker could execute malicious code on the Harmony or Pro-face industrial PC through the System Monitor application, potentially disrupting process control, stopping automated operations, or causing unsafe equipment behavior.

Who's at risk

This vulnerability affects operators and engineers at manufacturing plants, power generation facilities, and water treatment systems who rely on Harmony Industrial PC or Pro-face PS5000 industrial PCs for process monitoring and control. Any facility using these systems for automation, HMI (human-machine interface), or system health monitoring should take action immediately.

How it could be exploited

An attacker crafts a malicious web request or interaction that exploits a cross-site scripting (XSS) vulnerability in System Monitor. The vulnerability requires user interaction (a technician clicking a link or visiting a crafted page), but can affect multiple systems if the affected page is browsed from the industrial PC network. Once exploited, malicious code runs with the privileges of the System Monitor application, which typically has access to industrial PC system functions.

Prerequisites

User interaction required: an operator or technician must click a malicious link or visit a crafted web page from the affected industrial PC or network
Network access to the System Monitor application web interface
Harmony or Pro-face industrial PC with System Monitor installed

remotely exploitableactively exploited (KEV)high EPSS score (36.9%)no patch availablerequires user interaction but cross-site scripting can be embedded in operational reports or dashboards

Exploitability

Actively exploited — confirmed by CISA KEV

Public Proof-of-Concept (PoC) on GitHub (5 repositories)

Affected products (2)

1 pending1 EOL

ProductAffected VersionsFix Status

Pro-face Industrial PC All VersionsAll versionsNo fix yet

Harmony Industrial PC All VersionsAll versionsNo fix (EOL)

Remediation & Mitigation

0/4

Do now

0/4

WORKAROUNDUninstall the System Monitor application from all Harmony Industrial PC systems using the uninstaller available at https://www.se.com/ww/en/product-range/61054-harmony-industrial-pc/#software-and-firmware and follow the provided uninstaller guide

WORKAROUNDUninstall the System Monitor application from all Pro-face PS5000 industrial PC systems using the uninstaller available at https://www.proface.com/en/product/ipc/ps5000/download and follow the provided uninstaller guide

HARDENINGRestrict network access to System Monitor application ports on all affected industrial PCs using firewall rules or network segmentation—allow access only from trusted engineering workstations and management networks

HARDENINGDisable remote access to System Monitor application if not required for current operations

CVEs (1)

CVE-2020-11023

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/cfae9746-cf02-4ae4-8973-aaa71c8beaf0

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.