OTPulse

Harmony (formerly known as Magelis) HMI Panels

Plan Patch | CVSS 7.4 | SEVD-2019-225-01 | Aug 13, 2019

Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

A vulnerability in Harmony (formerly Magelis) HMI Panel products allows denial of service through improper input validation. Affected product families include the HMIGK, HMIGTO, HMIGTU, HMIGTUX, HMISCU, HMISTO, HMIGXO, HMIGXU, HMISTU, XBTGC, XBTGH, and XBTGT series. The vulnerability could cause temporary panel crashes and loss of visualization and control capabilities. The HMIGK, HMIGTO, HMIGTUX, and HMISCU series have patches available; the remaining series (HMIGTU, HMISTO, HMIGXO, HMIGXU, HMISTU, XBTGC, XBTGH, XBTGT) are end-of-life or have no patch available.

What this means
What could happen
An attacker could crash Harmony HMI panels through a specially crafted interaction, causing a temporary loss of visualization, control, and monitoring capabilities on critical automation equipment. This denial of service could disrupt production oversight and emergency response capabilities until the panel is manually restarted.
Who's at risk
Energy and manufacturing plants using Schneider Harmony HMI panels (HMIGK, HMIGTO, HMIGTU, HMIGTUX, HMISCU, HMISTO, HMIGXO, HMIGXU, HMISTU, XBTGC, XBTGH, XBTGT series) for production visualization, control, and monitoring. This affects facilities that depend on these panels for real-time process oversight and emergency shutdown management.
How it could be exploited
An attacker with network access to the HMI panel can send a malicious request that exploits improper input validation, causing the panel to crash and become unresponsive. User interaction may be required to trigger the crash (e.g., clicking a malicious link or opening a crafted file).
Prerequisites
  • Network access to the Harmony HMI panel
  • User interaction to trigger the vulnerability (clicking a link or opening a crafted file)
  • Panel must be running a vulnerable version
  • Remotely exploitable
  • User interaction required
  • Low complexity exploit
  • Affects multiple HMI panel families
  • Some variants have no patch available
  • Temporary denial of service to critical control interface
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (12)
4 with fix, 1 pending, 7 EOL

Product                        | Affected Versions | Fix Status
Harmony/Magelis HMISTO series  | All versions      | No fix (EOL)
Harmony/Magelis XBTGT series   | All versions      | No fix (EOL)
Harmony/Magelis HMIGK series   | <6.2 SP11         | 6.2 SP11 Multi HotFix 4
Harmony/Magelis HMIGTO series  | <6.2 SP11         | 6.2 SP11 Multi HotFix 4
Harmony/Magelis HMIGTU series  | <6.2 SP11         | No fix yet
Harmony/Magelis HMIGTUX series | <6.2 SP11         | 6.2 SP11 Multi HotFix 4
Harmony/Magelis HMISCU series  | <6.3.1            | 6.3.1
Harmony/Magelis HMIGXO series  | All versions      | No fix (EOL)
Remediation & Mitigation

Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update the Vijeo Designer engineering workstation to version 6.2 SP11 Multi HotFix 4 or later via the Schneider Electric Software Update (SESU) application.
HOTFIX: After updating Vijeo Designer, download the updated project file to each Harmony HMI panel to complete the patching process.
HOTFIX: For the HMISCU series, update Vijeo Designer to version 6.3.1 or later via the SESU application.
Mitigations - no patch available

The following products have reached End of Life with no planned fix: Harmony/Magelis HMISTO series All versions, Harmony/Magelis XBTGT series All versions, Harmony/Magelis HMIGXO series All versions, Harmony/Magelis HMIGXU series All versions, Harmony/Magelis HMISTU series All versions, Harmony/Magelis XBTGC series All versions, Harmony/Magelis XBTGH series All versions. Apply the following compensating controls:
HARDENING: For the HMIGTU, HMISTO, HMIGXO, HMIGXU, HMISTU, XBTGC, XBTGH, and XBTGT series with no fix available, implement network segmentation and access controls to restrict unauthorized network access to the HMI panels.