Schneider Electric Security Notification

System Monitor Application in Harmony and Pro-face PS5000 Legacy Industrial PCs

8 October 2024

Overview

Schneider Electric is aware of a vulnerability in its System Monitor application of Harmony Industrial PC Series and Pro-face PS5000 trusted Legacy industrial PC Series products.

The Harmony Industrial PC Series and Pro-face PS5000 legacy industrial PC Series are iPCs which incorporate a slim, flexible and durable design, allowing each customer to configure their iPC based on their individual application needs. These products offer flexible connectivity to a range of devices and designs.

Failure to apply the remediations provided below may risk denial of service, sensitive information disclosure, and integrity issues, which could result in operational failures.

Affected Products and Versions

Vulnerability Details

CVE ID: CVE-2024-8884

CVSS v3.1 Base Score: 9.8

CWE-200: An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause exposure of credentials when an attacker has access to the application on the network over HTTP.

Note regarding vulnerability details: The severity of vulnerabilities was calculated using the CVSS Base metrics in version 3.1 (CVSS v3.1) without incorporating the Temporal and Environmental metrics. Schneider Electric recommends that customers score the CVSS Environmental metrics, which are specific to end-user organizations, and consider factors such as the presence of mitigations in that environment. Environmental metrics may refine the relative severity posed by the vulnerabilities described in this document within a customer's environment.