ICSA-25-035-07  ·  Published 2025-09-09

Schneider Electric Pro-face GP-Pro EX and Remote HMI (Update A)

CVSS 7.1 HIGH

CVEs (1)

Remediations

  • The Version 5.00.100 release of GP-Pro EX includes a fix for this vulnerability. Please contact your [Pro-face Customer Care Center](https://www.proface.com/en/contact) to obtain the fix.
  • Version 1.70.000 of Pro-face Remote HMI includes a fix for this vulnerability and is available for download from the [Apple App Store](https://apps.apple.com/) and the [Google Play Store](https://play.google.com/).
  • If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit.
    For customers requiring the use of Pro-face Remote HMI, Schneider Electric recommends the following mitigations:
      * Use the [Pro-face Connect solution](https://www.proface.com/en/product/soft/proface_connect/top) or another VPN solution to secure remote access by encrypting the communication between Pro-face Remote HMI and Pro-face GP-Pro EX.
      * Always connect the products only to trusted networks and follow the [Pro-face Cybersecurity Guidelines](https://www.proface.com/en/download/manual/cybersecurity_guide).
      * Set up a connection password. For more details, refer to the section “Remote Viewer - Pro-face Remote HMI” of the [GP-Pro EX V4.0 Reference Manual](https://www.pro-face.com/otasuke/files/manual/gpproex/new/refer/gpproex.htm#t=mergedProjects%2Fremote%2Fremote_sg_remotehmi.htm&rhsearch=Remote%20HMI&rhhlterm=Remote%20HMI&ux=search).
    For customers not using Pro-face Remote HMI, Schneider Electric recommends the following mitigation to reduce the risk of exploit:
      * Disable the Pro-face Remote HMI feature (deactivated by default). For more details, refer to the section “Pro-face Remote HMI Settings” of the [GP-Pro EX V4.0 Reference Manual](https://www.pro-face.com/otasuke/files/manual/gpproex/new/refer/gpproex.htm#t=mergedProjects%2Fmaintenance%2Fmaintenance_sg_remotemonitor.htm%23BMK_ProfaceRemoteHMI&rhsearch=Remote%20HMI).

Affected Vendors

Schneider Electric

Affected Products (4)

Schneider Electric · GP-Pro EX <5.00.100
Schneider Electric · GP-Pro EX 5.00.100
Schneider Electric · Remote HMI <1.70.000
Schneider Electric · Remote HMI 1.70.000

Affected Sectors

Energy
