Schneider Electric EcoStruxure Machine SCADA Expert & Pro-face BLUE Open Studio
Plan Patch · CVSS 8.4 · ICS-CERT ICSA-25-322-01 · Nov 11, 2025
Vendors: Schneider Electric, AVEVA · Sectors: Energy, Manufacturing
Attack path
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
The AVEVA component used by EcoStruxure Machine SCADA Expert and Pro-face BLUE Open Studio stores user account passwords with weak cryptography. An attacker with local access to a development workstation can perform offline attacks against that stored data to recover user account passwords, leading to unauthorized access to SCADA projects, HMI logic, dashboards, and OEE interfaces. Successful exploitation could allow an attacker to modify project configurations before they are deployed to production systems.
What this means
What could happen
An attacker with local access to a workstation running EcoStruxure Machine SCADA Expert or Pro-face BLUE Open Studio could exploit weak cryptographic password storage to recover user credentials, potentially gaining unauthorized access to SCADA projects and the ability to modify HMI logic, dashboards, or process supervision settings.
Who's at risk
Development and IT teams at energy and manufacturing facilities who use EcoStruxure Machine SCADA Expert or Pro-face BLUE Open Studio to create and manage SCADA HMI applications, dashboards, and OEE interfaces should prioritize patching. The risk is highest for organizations where development workstations are accessed by multiple users or where workstation physical security is not strictly controlled.
How it could be exploited
An attacker with local access to the development workstation can extract password hashes or weak cryptographic data from the affected software's local storage, perform offline cracking attacks, and recover user account credentials. With valid credentials, the attacker can log into the software and modify SCADA projects, HMI configurations, or OEE dashboards before deployment to production systems.
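To make the vulnerability class concrete from the defender's side, the following is an added illustration and not code from Schneider Electric, AVEVA, or this advisory. The advisory does not say which algorithm the affected software uses, so the "weak" scheme below (an unsalted single MD5 hash) is an assumed stand-in for the class, placed beside a hardened scheme (per-user random salt plus PBKDF2-HMAC-SHA256) and a small audit helper that flags legacy records of the weak shape. The sample username and password are constructed.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample credential; not a real account.
SAMPLE_USER = "operator"
SAMPLE_PASSWORD = "Winter2025!"

# --- Weak scheme (assumed stand-in for "weak cryptographic password storage") ---
# A single unsalted, fast hash: every guess costs one hash, identical passwords
# collide, and precomputed tables apply. This is what makes offline recovery cheap.
def weak_store(password: str) -> str:
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def weak_verify(password: str, stored: str) -> bool:
    return hmac.compare_digest(weak_store(password), stored)

# --- Hardened scheme: random 16-byte salt + PBKDF2-HMAC-SHA256 ---
# 600,000 iterations follows the current OWASP guidance for PBKDF2-HMAC-SHA256;
# each guess now costs 600,000 HMAC computations instead of one.
PBKDF2_ITERATIONS = 600_000

def strong_store(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$hash_hex."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"

def strong_verify(password: str, stored: str) -> bool:
    """Recompute with the record's own salt and iteration count; compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        raise ValueError("not a pbkdf2_sha256 record")
    _, iterations, salt_hex, dk_hex = parts
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))

# --- Audit helper: classify stored records found in a user store ---
# A bare hex string of a common digest length with no salt/iteration fields is the
# shape of an unsalted fast hash and should be migrated on the user's next login.
def audit_record(stored: str) -> str:
    if stored.startswith("pbkdf2_sha256$"):
        return "hardened"
    is_hex = all(c in "0123456789abcdef" for c in stored.lower())
    if is_hex and len(stored) in (32, 40, 64):   # MD5 / SHA-1 / SHA-256 hex lengths
        return "weak"
    return "unknown"

if __name__ == "__main__":
    legacy = weak_store(SAMPLE_PASSWORD)
    migrated = strong_store(SAMPLE_PASSWORD)
    print(SAMPLE_USER, audit_record(legacy), "->", audit_record(migrated))
    print("verify ok:", strong_verify(SAMPLE_PASSWORD, migrated))
```

The audit helper is the piece a team would run over an exported user store after patching: any record it reports as "weak" is one that an attacker with a copy of the file could attack offline at full speed, and rehashing it with the hardened scheme at the user's next successful login removes that exposure without forcing a reset.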
Prerequisites
- Local access to the workstation running EcoStruxure Machine SCADA Expert or Pro-face BLUE Open Studio
- Ability to access the application's local data storage or configuration files
- Standard user-level or administrator privileges on the workstation
Key points
- Weak cryptographic password storage
- Local access required, but low complexity exploitation
- SCADA development environment: unauthorized modifications could propagate to production
- Credential recovery enables unauthorized project modifications
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (3)
3 with fix
Product                           | Affected Versions | Fix Status
EcoStruxure™ Machine SCADA Expert | < 2023.1 Patch 1  | 2023.1 Patch 1
EcoStruxure Machine SCADA Expert  | < 2023.1 Patch 1  | 2023.1_Patch_1
Pro-face BLUE Open Studio         | < 2023.1 Patch 1  | 2023.1_Patch_1
Remediation & Mitigation
Do now
EcoStruxure Machine SCADA Expert
HARDENING: Restrict local workstation access to EcoStruxure Machine SCADA Expert and Pro-face BLUE Open Studio development machines to authorized personnel only
All products
HARDENING: Enforce strong password policies for all user accounts in the affected software applications
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
EcoStruxure Machine SCADA Expert
HOTFIX: Update EcoStruxure Machine SCADA Expert to version 2023.1 Patch 1 or later
Pro-face BLUE Open Studio
HOTFIX: Update Pro-face BLUE Open Studio to version 2023.1 Patch 1 or later
CVEs (1)