OTPulse
FeedAboutContact

EcoStruxure™ Machine SCADA Expert & Pro-face BLUE Open Studio

Plan Patch8.4SEVD-2025-315-02Nov 11, 2025
Attack VectorLocal
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary

A weak cryptographic implementation in an AVEVA component used by EcoStruxure Machine SCADA Expert and Pro-face BLUE Open Studio allows brute-force password recovery attacks. Successful exploitation could enable an attacker with local access to recover user credentials and gain unauthorized access to SCADA engineering accounts, potentially allowing modification of control logic, setpoints, and HMI configuration that manages industrial processes and equipment.

What this means
What could happen
An attacker with local access to a workstation running these SCADA development tools could exploit a weak cryptographic implementation to brute-force password recovery, gaining unauthorized access to engineering accounts and the ability to modify HMI/SCADA projects that control factory lines or industrial equipment.
Who's at risk
Engineering teams in manufacturing and energy sectors who use EcoStruxure Machine SCADA Expert or Pro-face BLUE Open Studio to develop and maintain SCADA applications, dashboards, and HMI interfaces for industrial process control systems. This includes line management software running on Harmony Industrial PCs and GTU Open Boxes.
How it could be exploited
An attacker with local access to an engineering workstation runs a brute-force attack against the stored password hashes using the weak encryption algorithm. Once a password is recovered, the attacker logs in as an authorized user and can modify SCADA logic, setpoints, or HMI screens to alter or stop industrial processes controlled by the software.
Prerequisites
  • Local access to the workstation running EcoStruxure Machine SCADA Expert or Pro-face BLUE Open Studio
  • Engineering account credentials are stored locally with weak cryptographic hashing
  • Ability to run password recovery/brute-force tools on the affected system
Weak cryptographic implementation (CWE-327)Local access required but low barrier to entry on shared engineering networksAffects SCADA development tools with direct control over operational processes
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (2)
2 with fix
ProductAffected VersionsFix Status
EcoStruxure™ Machine SCADA Expert<2023.1 Patch 12023.1 Patch 1
Pro-face BLUE Open Studio<2023.1 Patch 12023.1 Patch 1
Remediation & Mitigation
0/4
Do now
0/2
HARDENINGRestrict local access to engineering workstations running these tools to authorized personnel only
HARDENINGReview and enforce strong password policies for all engineering accounts
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

Pro-face BLUE Open Studio
HOTFIXUpdate Pro-face BLUE Open Studio to version 2023.1 Patch 1 or later
All products
HOTFIXUpdate EcoStruxure Machine SCADA Expert to version 2023.1 Patch 1 or later
View full Schneider Electric advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/ac0be7ca-0376-4bbd-8f4a-5c3a16d42530
EcoStruxure™ Machine SCADA Expert & Pro-face BLUE Open Studio | CVSS 8.4 - OTPulse