Summary
Schneider Electric is aware of a vulnerability disclosed by INTEL used in the EcoStruxure™ Foxboro DCS product formerly known as Foxboro Evo Process Automation System and I/A Series. The [EcoStruxure™ Foxboro DCS product](https://www.se.com/ww/en/product-range/63680-ecostruxure-foxboro-dcs/#overview) is an innovative family of fault-tolerant, highly available control components, which consolidates critical information and elevates staff capabilities to ensure flawless, continuous plant operation. Failure to apply the remediations provided below may risk allowing an authenticated user to potentially enable information disclosure via a side channel with local access, which could result in loss of system functionality or unauthorized access to system functions.
The following versions of Schneider Electric EcoStruxure Foxboro DCS are affected:
- EcoStruxure™ Foxboro DCS Virtualization Server ()
- EcoStruxure™ Foxboro DCS Virtualization Server ()
- EcoStruxure™ Foxboro DCS Standard Workstation ()
- EcoStruxure™ Foxboro DCS Standard Workstation ()
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 6.5 | Schneider Electric | Schneider Electric EcoStruxure Foxboro DCS | Exposure of Sensitive Information to an Unauthorized Actor |
Background
- Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Energy
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: France
Vulnerabilities
CVE-2018-12130
A vulnerability disclosed by INTEL in Intel Xeon Silver 4110 and Intel Xeon W-2123 and prior impact Schneider Electric EcoStruxure™ Foxboro DCS V91 DCS Virtualization Server and H92 DCS Standard Workstation.
Read the original article: