OTPulse

EcoStruxure™ Operator Terminal Expert and Pro-face BLUE

Plan Patch | CVSS 7.8 | SEVD-2023-164-01 | Jun 13, 2023
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

A code execution vulnerability (CWE-94) exists in EcoStruxure Operator Terminal Expert and Pro-face BLUE versions 3.3 SP1 and earlier. A local user on the Windows engineering workstation can execute arbitrary code through the HMI configuration software, potentially compromising workstation confidentiality, integrity, and availability. The vulnerability requires user interaction to trigger.

What this means
What could happen
A local attacker with user access to an engineering workstation could run unauthorized code on the Windows machine hosting EcoStruxure Operator Terminal Expert or Pro-face BLUE, potentially compromising the workstation's data, configuration, and availability, which could disrupt HMI operations and engineering activities.
Who's at risk
Energy utilities and manufacturing facilities using Schneider Electric EcoStruxure Operator Terminal Expert or Pro-face BLUE HMI configuration software on Windows engineering workstations should prioritize patching. This affects anyone responsible for engineering, configuring, or maintaining HMI interfaces for automated control systems.
How it could be exploited
An attacker with user-level access to the Windows engineering workstation can exploit a code execution flaw in the HMI configuration software to execute arbitrary commands with the privileges of the logged-in user. The vulnerability is triggered through user interaction (opening a crafted file or project), allowing the attacker to compromise the workstation without requiring administrative credentials.
Prerequisites
  • User-level access to the Windows engineering workstation
  • EcoStruxure Operator Terminal Expert or Pro-face BLUE version 3.3 SP1 or earlier installed
  • User interaction required (e.g., opening a malicious HMI configuration file or project)
  • Requires user interaction
  • Affects engineering workstations used to configure critical systems
  • Local access required (lower remote risk but higher insider risk)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 with fix
Product                                | Affected Versions | Fix Status
Pro-face BLUE                          | ≤ 3.3 SP1         | 3.4
EcoStruxure™ Operator Terminal Expert  | ≤ 3.3 SP1         | 3.4
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade EcoStruxure Operator Terminal Expert to version 3.4 or later
HOTFIX: Upgrade Pro-face BLUE to version 3.4 or later
Long-term hardening
HARDENING: Restrict user-level access to engineering workstations and limit who can open HMI configuration files and projects
HARDENING: Implement network segmentation to isolate engineering workstations from general IT networks
API: /api/v1/advisories/e378ce77-b57b-4436-bd48-dd697ba4b1a4