Summary
Schneider Electric is aware of a vulnerability in its EcoStruxure Foxboro DCS Control Software on Foxboro DCS workstations and servers. Control Core Services and all runtime software, like FCPs, FDCs, and FBMs, are not affected. The EcoStruxure Foxboro DCS ([https://www.se.com/ww/en/product-range/63680-ecostruxure-foxboro-dcs/](https://www.se.com/ww/en/product-range/63680-ecostruxure-foxboro-dcs/)) product is an innovative family of fault-tolerant, highly available control components, which consolidates critical information and elevates staff capabilities to ensure flawless, continuous plant operation. Failure to apply the remediation provided below may risk deserialization of untrusted data, which could result in loss of confidentiality, integrity and potential remote code execution on the compromised workstation.
The following versions of Schneider Electric EcoStruxure Foxboro DCS are affected:
- EcoStruxure Foxboro DCS: all versions prior to CS8.1
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 6.5 | Schneider Electric | Schneider Electric EcoStruxure Foxboro DCS | Deserialization of Untrusted Data |
Background
- Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Energy
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: France
Vulnerabilities
CVE-2026-1286
A deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on the workstation when an authenticated administrative user opens a malicious project file.
Affected Products
- Product: Schneider Electric EcoStruxure Foxboro DCS
- Vendor: Schneider Electric
- Affected versions: EcoStruxure Foxboro DCS versions prior to CS8.1
- Status: fixed, known_affected
Remediations
Vendor fix
Version CS 8.1 of EcoStruxure Foxboro DCS includes a fix for this vulnerability and is available through [https://buyautomation.se.com/](https://buyautomation.se.com/). CS 8.1 requires FX-V3 licenses; standard upgrade procedures apply. A reboot is required for workstations and servers. Depending on the existing system version, an online upgrade without production interruption might be possible. Schneider Electric recommends you work with your local field service representative or technical service consultant for further information.
Mitigation
If users choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit. The vulnerability is exploited through manipulated data brought to the DCS computers from external sources. Examples of such data are:
- Configuration taglists
- DirectAccess Scripts
- Any partial or full Galaxy backups
- Library files
- Code snippets
- ASCII files of any sort
- Generally, any file brought onto a DCS computer from outside that computer
Recommended mitigations:
- Only use data from trusted sources; check for correct file name endings on data files, check for reasonable file sizes for any files coming to the system, and check structured data for any fields or columns which might be unexpected.
- Check for unusual manipulations of data within data files and reject files containing unexpected data or structures.
- Use secure communication channels and encrypt communications when communicating outside the site network.
- Avoid and ban removable media (e.g. USB sticks or drives).
- Minimize the number of users with engineering or administrative rights to DCS computers and ensure all interactions on DCS computers are executed with minimal user access rights.
Consequently, isolating Foxboro DCS computers will help minimize the risk of this vulnerability being exploited.
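The file checks listed above (trusted source, file name ending, plausible size, expected columns, no unexpected content) can be enforced by an intake gate on the transfer host before a file ever reaches a DCS computer. The following is an added example, not Schneider Electric code; the allowed extensions, size limits and taglist column names are assumptions standing in for a site's own engineering standard, and the sample files are constructed.

```python
"""Intake gate implementing the advisory's mitigation checks for files destined
for a DCS computer. Added example; extensions, size limits and column names are
assumed site policy, not Schneider Electric values."""
import csv
import io
import os

# Assumed policy: file name endings the site expects to import, with a size ceiling in bytes.
ALLOWED_EXTENSIONS = {".csv": 5_000_000, ".txt": 1_000_000}
# Assumed taglist layout; a real site would take this from its own engineering standard.
EXPECTED_TAGLIST_COLUMNS = ["tag", "description", "units"]


def check_taglist(text: str) -> list[str]:
    """Structured-data check: header must match the expected columns exactly,
    and every data row must carry exactly that many fields."""
    rows = list(csv.reader(io.StringIO(text)))
    if not rows or rows[0] != EXPECTED_TAGLIST_COLUMNS:
        return [f"unexpected columns {rows[0] if rows else []}"]
    bad = [i for i, r in enumerate(rows[1:], start=2) if len(r) != len(EXPECTED_TAGLIST_COLUMNS)]
    return [f"rows with unexpected field count: {bad}"] if bad else []


def check_file(name: str, data: bytes, trusted_source: bool) -> list[str]:
    """Return the reasons to reject the file; an empty list means the file may be accepted."""
    reasons = []
    if not trusted_source:
        reasons.append("source not in trusted list")
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        reasons.append(f"unexpected file name ending {ext!r}")
        return reasons  # never parse a type the site does not expect
    if len(data) == 0 or len(data) > ALLOWED_EXTENSIONS[ext]:
        reasons.append(f"unreasonable size {len(data)} bytes")
    # ASCII files must be plain text: control bytes other than tab/CR/LF, or bytes
    # above 0x7E, indicate embedded binary content and the file is rejected outright.
    if any((b < 0x20 and b not in (0x09, 0x0A, 0x0D)) or b > 0x7E for b in data):
        reasons.append("non-ASCII or control bytes in text file")
        return reasons
    if ext == ".csv":
        reasons += check_taglist(data.decode("ascii"))
    return reasons


# Constructed sample files, not real project data.
GOOD_TAGLIST = b"tag,description,units\nFIC101,Feed flow,m3/h\nTIC201,Reactor temp,degC\n"
EXTRA_COLUMN = b"tag,description,units,payload\nFIC101,Feed flow,m3/h,<blob>\n"
```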