EcoStruxure™ Operator Terminal Expert (Vijeo XD), Pro-face BLUE and WinGP runtime
Monitor7.4SEVD-2020-315-02Nov 9, 2020
Attack VectorLocal
Auth RequiredNone
ComplexityHigh
User InteractionNone needed
Summary
A vulnerability in EcoStruxure™ Operator Terminal Expert (formerly Vijeo XD), Pro-face BLUE, and WinGP runtimes allows unauthorized command execution by a local user. These are HMI configuration and runtime software products used on Windows PCs and industrial PC platforms. The vulnerability impacts versions: EcoStruxure™ Operator Terminal Expert and Pro-face BLUE with legacy BIOS 3.1 Service Pack 1A and prior; WinGP V4.09.120 and prior.
What this means
What could happen
A local user on an engineering workstation could execute arbitrary commands with elevated privileges, compromising the confidentiality, integrity, and availability of the HMI system and any connected industrial processes.
Who's at risk
Manufacturing and energy sector operators who use Schneider Electric's EcoStruxure™ Operator Terminal Expert (formerly Vijeo XD), Pro-face BLUE, or WinGP runtimes on Windows engineering workstations or industrial PCs (Harmony iPC, Pro-face iPC, PS4000/PS5000 series) for HMI configuration and operation. This impacts anyone managing industrial process visualization and control systems built on these platforms.
How it could be exploited
An attacker with local access to the engineering workstation where EcoStruxure™ Operator Terminal Expert, Pro-face BLUE, or WinGP runtime is installed can exploit this vulnerability to execute arbitrary commands with system privileges. This could allow the attacker to modify HMI configurations, alter process parameters, or gain full control of the workstation.
Prerequisites
- Local access to the Windows engineering workstation or industrial PC
- User account on the affected machine (no special privileges required)
- One of the vulnerable products installed: EcoStruxure™ Operator Terminal Expert ≤3.1 SP1A, Pro-face BLUE ≤3.1 SP1A, or WinGP ≤V4.09.120
Local privilege escalation vulnerabilityAffects engineering workstations with physical access riskNo patch available for legacy BIOS versions on some platformsCould lead to unauthorized modification of HMI configurations or process parameters
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (6)
6 pending
ProductAffected VersionsFix Status
EcoStruxure™ Operator Terminal Expert Runtime installed on Windows PC using legacy BIOS 3.1 Service Pack 1A and prior≤ 3.1 Service Pack 1ANo fix yet
EcoStruxure™ Operator Terminal Expert Runtime installed on Harmony iPC(HMIG3U) using legacy BIOS 3.1 Service Pack 1A and prior≤ 3.1 Service Pack 1ANo fix yet
Pro-face BLUE Runtime installed on Windows PC using legacy BIOS 3.1 Service Pack 1A and prior≤ 3.1 Service Pack 1ANo fix yet
Pro-face BLUE Runtime installed on Pro-face iPC (SP-5B10) using legacy BIOS 3.1 Service Pack 1A and prior≤ 3.1 Service Pack 1ANo fix yet
WinGP installed on Windows PC using legacy BIOS V4.09.120 and prior≤ 4.09.120No fix yet
WinGP installed on Pro-face PS4000 & PS5000 series and SP-5B40, SP5B41 using legacy BIOS V4.09.120 and prior≤ 4.09.120No fix yet
Remediation & Mitigation
0/5
Schedule — requires maintenance window
0/3Patching may require device reboot — plan for process interruption
HOTFIXUpdate EcoStruxure™ Operator Terminal Expert to V3.1 Service Pack 1B or later
HOTFIXUpdate Pro-face BLUE to V3.1 Service Pack 1B or later
HOTFIXUpdate WinGP to V4.09.200 or later (included in GP-Pro EX)
Long-term hardening
0/2HARDENINGRestrict local access to engineering workstations to authorized personnel only
HARDENINGImplement physical security controls on engineering workstations to prevent unauthorized local access
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/51d8c4da-0c1c-459d-a169-a9ca54782617