System Monitor Application in Harmony and Pro-face PS5000 Legacy Industrial PCs
Priority: Act Now | Score: 6.9 | Advisory: SEVD-2025-189-02 | Published: Jul 8, 2025
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: Required
Summary
A cross-site scripting (XSS) vulnerability exists in the System Monitor application included in Schneider Electric Harmony Industrial PC (all versions) and Pro-face PS5000 Legacy Industrial PC Series (all versions). An attacker can inject malicious script into input fields that are reflected back in the web interface, allowing code execution in the context of a logged-in user's browser session. This could enable unauthorized modifications to monitoring settings, access to sensitive operational data, or lateral movement within the network. No vendor patch is available for this issue.
What this means
What could happen
An attacker could inject malicious code into the System Monitor application through reflected input, allowing untrusted code execution on the industrial PC which could disrupt operations, alter process control, or compromise data integrity.
Who's at risk
This affects water utilities, electric utilities, manufacturing facilities, and other operations that use Harmony or Pro-face industrial PCs for monitoring and control. Any facility using these systems for real-time process monitoring, SCADA integration, or equipment health tracking should assess their exposure. The impact is highest for operations where the industrial PC controls critical processes or where operator workstations have direct access to these devices.
How it could be exploited
An attacker crafts a malicious URL containing injected script code and tricks an engineer or operator into clicking it while logged into the System Monitor web interface. The injected code executes in the browser with the privileges of the logged-in user, allowing the attacker to modify monitoring parameters, access sensitive data, or pivot to other systems on the plant network.
Prerequisites
- Network access to the System Monitor web interface (typically port 80/443 on the industrial PC)
- User interaction required - engineer or operator must click a malicious link or visit an attacker-controlled page
- User must be actively logged into or have an active session with System Monitor
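The reflected-input pattern described above, shown as an added illustrative model (not code from the vendor's System Monitor application): a monitoring page echoes a query-string value into its HTML. The first renderer reflects the value as-is, which is the defect class the advisory describes; the second applies HTML output encoding, and a strict Content-Security-Policy header is included as defence in depth. The page path, the "host" parameter name and the probe string are constructed for the example.

```python
import html
from urllib.parse import parse_qs

# Illustrative model of a monitoring page that echoes a "host" filter from the query
# string. Parameter names and markup are constructed; this is not the vendor's code.

def _host_param(query_string: str) -> str:
    params = parse_qs(query_string, keep_blank_values=True)
    return params.get("host", [""])[0]

def render_unsafe(query_string: str) -> str:
    """Reflects the parameter straight into HTML: the browser parses any tag it contains."""
    return f"<h2>Monitoring: {_host_param(query_string)}</h2>"

def render_safe(query_string: str) -> str:
    """Same page with output encoding, so the value is shown as text, not parsed as markup."""
    return f"<h2>Monitoring: {html.escape(_host_param(query_string), quote=True)}</h2>"

def response_headers() -> dict:
    """Defence-in-depth headers: a strict CSP blocks inline script even if encoding is missed."""
    return {
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
        "X-Content-Type-Options": "nosniff",
    }

def contains_active_markup(fragment: str) -> bool:
    """Crude review check: does rendered output contain a raw tag or event handler?"""
    lowered = fragment.lower()
    return any(marker in lowered for marker in ("<script", "onerror=", "onload=", "<img"))

if __name__ == "__main__":
    probe = "host=<script>alert(1)</script>"  # constructed, harmless probe string
    print("unsafe:", render_unsafe(probe))
    print("safe:  ", render_safe(probe))
```

Running the block prints the two renderings side by side: in the unsafe version the tag survives into the page, in the safe version it is emitted as `&lt;script&gt;` and the browser displays it literally.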
Tags: remotely exploitable · actively exploited (KEV) · requires user interaction · no patch available · high EPSS score (36.9%)
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (2)
1 pending, 1 EOL
Product                                  | Affected Versions | Fix Status
Pro-face Industrial PC All Versions      | All versions      | No fix yet
Harmony Industrial PC All Versions       | All versions      | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Uninstall the System Monitor application using the installer available from the Schneider Electric support portal (Harmony Industrial PC) or the Pro-face support portal (PS5000)
HARDENING: If System Monitor cannot be uninstalled, restrict network access to the industrial PC web interface using firewall rules - limit inbound HTTP/HTTPS to trusted engineering networks only
HARDENING: Disable web access to the System Monitor application if the monitoring function is not actively needed
Mitigations - no patch available
Harmony Industrial PC All Versions has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Educate operators and engineers not to click on links or visit websites from untrusted sources when System Monitor sessions are active
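Because no patch exists, defenders are left with the compensating controls above plus detection. The following added example (not part of the advisory or of any vendor tooling) scans web-server or reverse-proxy access logs in Common Log Format for requests whose query string carries script markup, decoding percent-encoding repeatedly so double-encoded values are normalised first. The log lines, addresses and the /sysmon/ paths are constructed for the example; real System Monitor paths are not given on the page.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample of Common Log Format lines, as a reverse proxy in front of the
# industrial PC might record them. Hosts, paths and addresses are invented.
SAMPLE_LOG = """\
10.1.2.7 - - [08/Jul/2025:10:12:01 +0000] "GET /sysmon/status?host=plc01 HTTP/1.1" 200 1422
10.1.2.7 - - [08/Jul/2025:10:12:09 +0000] "GET /sysmon/status?host=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 1460
10.1.2.9 - - [08/Jul/2025:10:13:44 +0000] "GET /sysmon/status?host=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 1455
10.1.2.11 - - [08/Jul/2025:10:14:02 +0000] "POST /sysmon/login HTTP/1.1" 302 0
"""

# Common Log Format: ip ident user [timestamp] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+$'
)

# Markers of active content where a plain field value (hostname, label) is expected.
SCRIPT_MARKERS = ("<script", "javascript:", "onerror=", "onload=", "<img", "<svg", "<iframe")

def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode until stable (bounded) so double-encoded values are matched too."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_suspicious_requests(log_text: str) -> list:
    """Return (client_ip, request_target) for requests whose query string carries markup."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        query = urlsplit(m.group("target")).query
        decoded = fully_decode(query).lower()
        if any(marker in decoded for marker in SCRIPT_MARKERS):
            hits.append((m.group("ip"), m.group("target")))
    return hits

if __name__ == "__main__":
    for ip, target in flag_suspicious_requests(SAMPLE_LOG):
        print(f"ALERT reflected-markup request from {ip}: {target}")
```

Marker matching after decoding is deliberately simple and will produce false positives on legitimate values containing those substrings; in practice the output should feed a SIEM rule scoped to the industrial PC's web interface, where such query strings have no legitimate use.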
CVEs (1)