SEVD-2022-284-01
PUBLISHED
CVSS 7 HIGH
Schneider Electric is aware of multiple vulnerabilities in its EcoStruxure™ Operator Terminal Expert and Pro-face BLUE products. The EcoStruxure™ Operator Terminal Expert and Pro-face BLUE products are HMI configuration software supporting gestures and UI designs. Failure to apply the remediations provided below may risk unauthorized code execution by a local user of the Windows engineering workstation, which could result in loss of availability, integrity, and confidentiality of the workstation where EcoStruxure™ Operator Terminal Expert or Pro-face BLUE runtime is installed.
Risk Scores
CVSS v3.1
7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider Electric | Pro-face BLUE | 3.3 |
| Schneider Electric | EcoStruxure™ Operator Terminal Expert | <3.3 |
| Schneider Electric | Pro-face BLUE | <3.3 |
| Schneider Electric | EcoStruxure™ Operator Terminal Expert | 3.3 |
Timeline
- Oct 11, 2022 CVE Published
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-284-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-284-01_EcoStruxure_Operator_Terminal_Expert_and_Pro-face_BLUE_Security_Notification.pdf (advisory)
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-284-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2022-284-01.json (advisory)
- https://www.se.com/us/en/download/document/7EN52-0390/ (advisory)
- https://www.se.com/ww/en/product-range/62621-ecostruxure-operator-terminal-expert/#software-and-firmware (fix)
- https://www.proface.com/en/service#/blue/page/installer (fix)