Web Designer for Modicon Communication Modules
Priority: Monitor · Score: 7.8 · Advisory: SEVD-2025-014-04 · Published: Jan 14, 2025
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
A vulnerability in Web Designer for Schneider Electric FactoryCast communication modules (BMXNOR0200H, BMXNOE0110(H), BMENOC0311(C), BMENOC0321(C)) allows XML external entity (XXE) injection attacks. An attacker could craft a malicious XML file that, when opened in Web Designer, results in information disclosure (reading configuration or credential files from the engineering workstation), compromise of the workstation's integrity, or remote code execution on the affected computer. The Web Designer tool is used to create web-based operator panels and configure HMI parameters for these FactoryCast modules.
What this means
What could happen
An attacker who can trick an engineer into opening a malicious XML file in Web Designer could read sensitive configuration files from the workstation or execute code on it, potentially compromising the workstation's control over the HMI modules and any connected industrial networks.
Who's at risk
Energy and manufacturing organizations using Schneider Electric FactoryCast Web HMI modules (BMXNOR0200H, BMXNOE0110(H), BMENOC0311(C), BMENOC0321(C)) for operator panels and HMI configuration should be aware that this vulnerability affects the engineering workstations that configure these devices, not the modules themselves. Engineers and control system integrators who maintain these devices are directly at risk.
How it could be exploited
An attacker crafts a malicious XML file containing external entity references and sends it to an engineer via email or a shared file system. When the engineer opens the file in Web Designer, the application parses the XML without proper safeguards, allowing the attacker to read local files (like credentials or configuration data) or potentially execute commands on the workstation.
Prerequisites
- Web Designer must be installed on the target workstation
- An engineer must open or import a malicious XML file (social engineering or file-based attack)
- The workstation must have file system access to sensitive files the attacker wants to read
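The exploitation path above hinges on the XML parser resolving a DTD-declared external entity. The following is an added example (not Schneider Electric's code, and not part of the original advisory) of the two defender-side checks a practitioner would want before importing a project file: a raw-text triage that flags DOCTYPE and SYSTEM/PUBLIC entity declarations, and a parse configured to abort on any DTD or external entity. Both XML samples are constructed for illustration; the `file:///C:/ProgramData/example/config.ini` path is a placeholder, and the element names do not represent the real Web Designer project format.

```python
import re
import xml.parsers.expat

# Constructed sample: a benign project-style XML file (illustrative, not the
# real Web Designer project format).
BENIGN_XML = b"""<?xml version="1.0"?>
<project name="line1">
  <page id="1" title="Overview"/>
</project>"""

# Constructed sample of the XXE pattern the advisory describes: an internal DTD
# declares an external entity pointing at a local file (placeholder path),
# then references it from content so the parser would read the file.
XXE_XML = b"""<?xml version="1.0"?>
<!DOCTYPE project [
  <!ENTITY cfg SYSTEM "file:///C:/ProgramData/example/config.ini">
]>
<project name="line1">&cfg;</project>"""

DOCTYPE_RE = re.compile(rb"<!DOCTYPE\b", re.IGNORECASE)
EXTERNAL_ENTITY_RE = re.compile(
    rb"<!ENTITY\s+(?:%\s*)?[^\s>]+\s+(?:SYSTEM|PUBLIC)\b", re.IGNORECASE
)


def xxe_findings(data):
    """Pre-import triage: report DTD and external-entity markers in raw XML.

    A legitimate HMI project file has no reason to carry a DOCTYPE at all, so
    any hit here is grounds to quarantine the file before opening it.
    """
    findings = []
    if DOCTYPE_RE.search(data):
        findings.append("DOCTYPE declaration present")
    if EXTERNAL_ENTITY_RE.search(data):
        findings.append("external entity (SYSTEM/PUBLIC) declared")
    return findings


def parse_rejecting_dtd(data):
    """Parse with expat configured to abort on any DTD or external entity.

    Returns (True, element names) on success, or (False, reason) when the
    document tried to use a DOCTYPE or an external entity.
    """
    parser = xml.parsers.expat.ParserCreate()
    elements = []

    def on_start(name, attrs):
        elements.append(name)

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Refusing every DTD removes the XXE vector entirely.
        raise ValueError(f"DOCTYPE '{name}' rejected")

    def on_external_entity(context, base, system_id, public_id):
        # Defence in depth: never fetch a SYSTEM/PUBLIC entity even if a DTD
        # were ever allowed through.
        raise ValueError(f"external entity rejected: {system_id or public_id}")

    parser.StartElementHandler = on_start
    parser.StartDoctypeDeclHandler = on_doctype
    parser.ExternalEntityRefHandler = on_external_entity

    try:
        parser.Parse(data, True)
    except (ValueError, xml.parsers.expat.ExpatError) as exc:
        return False, str(exc)
    return True, elements


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_XML), ("xxe", XXE_XML)):
        print(label, xxe_findings(sample), parse_rejecting_dtd(sample))
```

The triage regexes are deliberately broad: they flag any DOCTYPE, not only ones that declare external entities, because a DTD is also the vehicle for entity-expansion denial of service. The parse step is the control that matters when the tool itself cannot be patched, since an EOL product's own parser behaviour cannot be changed and the file must be vetted before it reaches that parser.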
- No patch available from vendor
- User interaction required (engineer must open malicious file)
- Affects engineering workstations with access to industrial networks
- Could lead to code execution on configuration systems
- Default risk from XML external entity injection
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (4)
4 EOL
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Web Designer for BMXNOR0200H | All versions | No fix (EOL) |
| Web Designer for BMXNOE0110(H) | All versions | No fix (EOL) |
| Web Designer for BMENOC0311(C) | All versions | No fix (EOL) |
| Web Designer for BMENOC0321(C) | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
WORKAROUND: Do not open XML files from untrusted sources in Web Designer; verify file origin and content before opening
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HARDENING: Restrict access to Web Designer and configuration files to authorized engineering personnel only; use physical access controls and file system permissions
HARDENING: Scan all mobile data (USB drives, CDs) used to transfer configuration files before importing into Web Designer
HARDENING: Use a security appliance or host-based antivirus on the engineering workstation to detect and block malicious payloads
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Web Designer for BMXNOR0200H All Versions, Web Designer for BMXNOE0110(H) All Versions, Web Designer for BMENOC0311(C) All Versions, Web Designer for BMENOC0321(C) All Versions. Apply the following compensating controls:
HARDENING: Isolate engineering workstations running Web Designer from business networks and the internet; use a dedicated workstation or DMZ for HMI configuration
CVEs (1)
API:
/api/v1/advisories/321698c8-1ed1-43c9-83cb-49171334b60c