EcoStruxure™ Operator Terminal Expert and Pro-face BLUE
Plan Patch | 7 | SEVD-2022-284-01 | Oct 11, 2022
Attack Vector: Local
Auth Required: Low
Complexity: High
User Interaction: None needed
Summary
Schneider Electric has identified multiple vulnerabilities in EcoStruxure Operator Terminal Expert and Pro-face BLUE HMI configuration software affecting versions prior to 3.3. These vulnerabilities (CWE-347, CWE-22, CWE-704, CWE-89) include path traversal, certificate/signature validation bypass, incorrect type conversion, and SQL injection. A local user with access to a Windows engineering workstation can exploit these flaws to execute arbitrary code with the privileges of the workstation user, potentially allowing modification of HMI configurations before deployment to control systems, resulting in loss of availability, integrity, and confidentiality.
What this means
What could happen
An attacker with local access to an engineering workstation could run arbitrary code with the privileges of the logged-in user, allowing them to modify HMI configurations, compromise process logic, or sabotage deployed control systems.
Who's at risk
Energy and manufacturing facilities using EcoStruxure Operator Terminal Expert or Pro-face BLUE for HMI configuration and deployment. This impacts engineering staff and anyone with access to workstations where these tools are installed.
How it could be exploited
An attacker with local access to a Windows workstation running EcoStruxure Operator Terminal Expert or Pro-face BLUE could exploit multiple vulnerabilities (path traversal, signature bypass, code injection) to execute arbitrary code within the HMI configuration software. The attacker could then modify SCADA/HMI configurations before they are deployed to control systems.
Prerequisites
- Local access to Windows engineering workstation
- User account with permissions to run EcoStruxure Operator Terminal Expert or Pro-face BLUE
- Software must be installed and running on the workstation
- Low complexity exploitation
- Requires local workstation access
- Multiple vulnerability types (path traversal, signature bypass, code injection)
- Affects engineering environment, not field devices
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
EcoStruxure™ Operator Terminal Expert <3.3 | <3.3 | 3.3
Pro-face BLUE <3.3 | <3.3 | 3.3
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update EcoStruxure Operator Terminal Expert to version 3.3 Service Pack 1 or later
- HOTFIX: Update Pro-face BLUE to version 3.3 Service Pack 1 or later
Long-term hardening
- HARDENING: Restrict local administrative and user access to engineering workstations running HMI software to authorized personnel only
- HARDENING: Implement application whitelisting on engineering workstations to restrict execution of unauthorized code