OTPulse

EcoStruxure Machine SCADA Expert and Pro-face BLUE Open Studio

Plan Patch | 7.8 | SEVD-2022-256-01 | Sep 13, 2022
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Multiple vulnerabilities in EcoStruxure Machine SCADA Expert and BLUE Open Studio related to insecure deserialization (CWE-502) allow modification of project files, which could result in arbitrary code execution, information disclosure, or denial of service when a user opens or deploys a malicious project. The vulnerability affects version 2020 Service Pack 2 and earlier.

What this means
What could happen
An attacker with access to project files could modify them to execute arbitrary code on systems running these applications, potentially compromising HMI/SCADA operations or stealing configuration data from manufacturing and energy facilities.
Who's at risk
Energy utilities and manufacturing facilities using Schneider Electric's EcoStruxure Machine SCADA Expert or Pro-face BLUE Open Studio for HMI and SCADA development, particularly those managing critical line supervision, OEE monitoring, or dashboard applications on Harmony Industrial PCs and GTU Open Boxes.
How it could be exploited
An attacker obtains or intercepts project files used by EcoStruxure Machine SCADA Expert or BLUE Open Studio (via file share, email, or insecure storage), modifies the files to inject malicious code, then triggers code execution when an operator opens or deploys the altered project in the application.
Prerequisites
  • Access to project files (.project or similar format used by these applications)
  • User must open or import the modified project file in the affected application version
  • No network access required; exploitation is file-based
  • No authentication required to exploit (file-based attack)
  • Low complexity attack (file modification)
  • Affects SCADA/HMI development environment
  • Can lead to arbitrary code execution on OT systems
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
EcoStruxure Machine SCADA Expert 2020 Service Pack 2 | ≤ 20.0.2 | HotFix 2020.2.00.40
BLUE Open Studio 2020 Service Pack 2 | ≤ 20.0.2 | HotFix 2020.2.00.40
Remediation & Mitigation
Do now
HARDENING: Restrict file-level access to SCADA and HMI project files to authorized engineering personnel only; enforce read-only access for operators
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update EcoStruxure Machine SCADA Expert 2020 SP2 to Hot Fix 2020.2.00.40 or later
HOTFIX: Update BLUE Open Studio 2020 SP2 to Hot Fix 2020.2.00.40 or later
Long-term hardening
HARDENING: Implement file integrity monitoring on project file repositories and shared storage locations to detect unauthorized modifications
HARDENING: Establish a change control process for SCADA/HMI project files; require sign-off and version control before deployment
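
One way to combine the two long-term hardening items above, as an added example (not vendor or OTPulse code): a baseline of SHA-256 hashes is recorded and MAC-protected at sign-off, then checked before a project is opened or deployed. The function names, file names and key are hypothetical; the sketch assumes the key is stored away from the project share.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def hash_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def _mac(files, key):
    # HMAC over the canonical JSON form, so the baseline itself is tamper-evident.
    payload = json.dumps(files, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def sign_manifest(root, key):
    """Create the approved baseline at change-control sign-off."""
    files = hash_tree(root)
    return {"files": files, "mac": _mac(files, key)}

def verify_project(root, manifest, key):
    """Return findings; an empty list means the tree matches the baseline."""
    if not hmac.compare_digest(_mac(manifest["files"], key), manifest.get("mac", "")):
        return ["manifest: MAC mismatch, baseline was altered"]
    approved, current = manifest["files"], hash_tree(root)
    findings = [f"modified: {p}" for p in approved
                if p in current and current[p] != approved[p]]
    findings += [f"removed: {p}" for p in approved if p not in current]
    findings += [f"added: {p}" for p in current if p not in approved]
    return sorted(findings)

def demo():
    """Constructed project tree: approve it, tamper with it, verify again."""
    key = b"constructed-demo-key"  # assumption: real key is kept off the share
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "screens").mkdir()
        # Constructed file names, not the product's real project layout.
        (root / "line1.project").write_bytes(b"constructed project content")
        (root / "screens" / "screen1.dat").write_bytes(b"constructed screen")
        manifest = sign_manifest(root, key)
        clean = verify_project(root, manifest, key)
        (root / "line1.project").write_bytes(b"content changed after sign-off")
        (root / "screens" / "extra.bin").write_bytes(b"file not in baseline")
        return clean, verify_project(root, manifest, key)

if __name__ == "__main__":
    print(demo())
```

Files added after sign-off are reported alongside modified ones, so a project that grew outside change control is flagged before it is opened.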