CISA issues advisory on Schneider Electric EcoStruxure SCADA and Pro-face BLUE vulnerability
Schneider Electric's EcoStruxure Machine Supervisory Control and Data Acquisition (SCADA) Expert and Pro-face BLUE Open Studio contain a cryptographic weakness that could affect data confidentiality and integrity.
The reported vulnerability, identified as CVE-2025-9317, affects versions prior to 2023.1 Patch 1 of both software products. It involves the use of a broken or risky cryptographic algorithm: an attacker with read access to Edge project or offline cache files can computationally brute-force weak password hashes. The Common Vulnerability Scoring System (CVSS) version 3.1 base score for this issue is 8.4 with vector AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N. The CVSS version 4 base score is 8.3 with vector AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N. The vulnerability is detailed in the AVEVA Security Bulletin AVEVA-2025-006.
If exploited, the vulnerability could result in unauthorized disclosure and alteration of information within the affected applications.
To address this issue, Schneider Electric released version 2023.1 Patch 1 for both EcoStruxure Machine SCADA Expert and Pro-face BLUE Open Studio, which includes a correction for the vulnerability. Users are advised to apply these updates where possible. Alternatives involving access control and project file management are recommended if immediate patching is not feasible.
Advisory guidance emphasizes the application of access restrictions to project file directories, maintaining secure handling of project files, implementing project-level data protection with strong master passwords, and avoiding embedding passwords directly within project scripts. Additional cybersecurity measures include isolating control system networks behind firewalls, restricting physical access to control equipment, limiting network connections exclusively to intended networks, scanning all external media before use, minimizing exposure to network threats, and employing secure remote access methods such as VPNs. These recommendations align with Schneider Electric's and CISA's published security best practices and documents.