Schneider Electric EcoStruxure Machine SCADA Expert & Pro-face BLUE Open Studio

Plan Patch8.4ICS-CERT ICSA-25-322-01Nov 11, 2025

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

A cryptographic weakness (CWE-327) in EcoStruxure Machine SCADA Expert and Pro-face BLUE Open Studio allows password hashes to be extracted and subjected to offline brute-force attacks. An attacker with local file system access to an engineering workstation could recover user account credentials and gain unauthorized access to modify SCADA HMI projects, dashboards, and OEE (Overall Equipment Effectiveness) interfaces. This affects Harmony Industrial PC and GTU Open Box environments running these development platforms.

What this means

What could happen

An attacker with local access to a workstation running these SCADA development tools could use weak cryptographic password storage to brute-force user account credentials, gaining unauthorized access to HMI and SCADA projects and potentially modifying control logic or process dashboards.

Who's at risk

Energy and manufacturing operations should focus on this if they use Schneider Electric EcoStruxure Machine SCADA Expert or AVEVA Pro-face BLUE Open Studio for HMI, SCADA, and dashboard development on engineering workstations or human-machine interface industrial PCs. This affects anyone who develops or maintains supervisory control and process automation applications using these platforms.

How it could be exploited

An attacker needs local access to a workstation where EcoStruxure Machine SCADA Expert or Pro-face BLUE Open Studio is installed. They would extract password hashes from the application's local storage, exploit the weak cryptographic implementation (CWE-327), and perform an offline brute-force attack to recover plaintext passwords. With valid credentials, they could then access and modify SCADA projects, HMI configurations, or OEE dashboards.

Prerequisites

Local file system access to the workstation running the affected software
Access to user account password storage files within the application directory
Sufficient computational resources to perform offline brute-force password recovery

Weak cryptographic implementationLocal access required but common in engineering environmentsLow operational technology attack complexityAffects SCADA development and HMI configuration tools

Exploitability

Low exploit probability (EPSS 0.0%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

EcoStruxure Machine SCADA Expert<2023.1 Patch 12023.1_Patch_1

Pro-face BLUE Open Studio<2023.1 Patch 12023.1_Patch_1

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGRestrict physical and network access to engineering workstations running these tools to authorized personnel only

HARDENINGImplement file-level access controls to protect application credential storage directories

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

EcoStruxure Machine SCADA Expert

HOTFIXUpgrade EcoStruxure Machine SCADA Expert to version 2023.1_Patch_1 or later

Pro-face BLUE Open Studio

HOTFIXUpgrade Pro-face BLUE Open Studio to version 2023.1_Patch_1 or later

CVEs (1)

CVE-2025-9317

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/90284a15-625e-4d12-a40e-d55530266b37