PatchSiren cyber security CVE debrief
CVE-2024-12399 Schneider Electric CVE debrief
CVE-2024-12399 is a Schneider Electric Pro-face advisory for GP-Pro EX and Remote HMI. According to the CISA CSAF record, the issue is a CWE-924 message integrity weakness that could allow a man-in-the-middle attacker intercepting communications to cause partial loss of confidentiality, integrity, and availability of the HMI. The advisory was originally published on 2025-01-14 and later updated on 2025-09-09 to note that remediations are available.
- Vendor: Schneider Electric
- Product: Pro-face
- CVSS: HIGH 7.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-01-14
- Original CVE updated: 2025-09-09
- Advisory published: 2025-01-14
- Advisory updated: 2025-09-09
Who should care
Organizations using Schneider Electric Pro-face GP-Pro EX versions prior to 5.00.100 or Pro-face Remote HMI versions prior to 1.70.000 should review this immediately, especially OT/ICS teams responsible for HMI engineering workstations, remote access, and plant-floor networks. Security teams that allow remote HMI connections over untrusted or shared networks should prioritize it.
Technical summary
The affected products are Schneider Electric Pro-face GP-Pro EX versions prior to 5.00.100 and Pro-face Remote HMI versions prior to 1.70.000. The vulnerability is described as improper enforcement of message integrity during transmission in a communication channel (CWE-924). In the advisory, Schneider Electric states that an attacker performing a man-in-the-middle attack by intercepting communication could affect the HMI's confidentiality, integrity, and availability. The CVSS vector provided is CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H, which indicates network exposure, no privileges required, and user interaction required.
Defensive priority
High. The issue affects HMI-related software used in industrial environments and is reachable over communications that can be intercepted if not protected. The vendor has already provided fixed versions, and the mitigations specifically call for encrypted remote access or disabling the feature when unused.
Recommended defensive actions
- Upgrade GP-Pro EX to version 5.00.100 or later using the vendor-provided fix.
- Upgrade Pro-face Remote HMI to version 1.70.000 or later from the Apple App Store or Google Play Store.
- If remote HMI is required, use Pro-face Connect or another VPN solution to encrypt communications between Pro-face Remote HMI and GP-Pro EX.
- Limit use to trusted networks and follow the Pro-face Cybersecurity Guidelines.
- Set a connection password as described in the GP-Pro EX reference manual.
- If Pro-face Remote HMI is not needed, keep the feature disabled; it is deactivated by default.
- Verify affected assets against the advisory and prioritize remediation on exposed engineering and remote-access systems.
Evidence notes
All claims above are taken from the supplied CISA CSAF advisory data and Schneider Electric remediation notes. The source record identifies the affected vendor as Schneider Electric, product family Pro-face, affected versions prior to GP-Pro EX 5.00.100 and Remote HMI 1.70.000, and remediation availability added in the 2025-09-09 revision. The CVSS vector and the CWE-924 description come from the supplied source corpus.
Official resources
- CVE-2024-12399 CVE record (CVE.org)
- CVE-2024-12399 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA CSAF advisory ICSA-25-035-07 / Schneider Electric Security and Safety Notice SEVD-2025-014-02. Original release: 2025-01-14. Advisory revision 2.0.0 on 2025-09-09 states remediations are now available for Pro-face GP-Pro EX and Proface