Summary
Schneider Electric is aware of a vulnerability disclosed by Microsoft in the Microsoft Windows Server Update Services (WSUS) used in the EcoStruxure™ Foxboro DCS Advisor services. The EcoStruxure™ Foxboro DCS Advisor, an optional component of the [EcoStruxure™ Foxboro DCS system](https://www.se.com/ww/en/work/products/industrial-automation-control/foxboro-dcs/), facilitates remote connectivity and diagnostics by continuously monitoring key performance indicators (KPI) on the I/A Series or Control Software system’s process. Failure to apply the remediations provided below may risk a potential remote code execution event, which could result in system-level privileges acquired by unauthorized parties.
The following versions of Schneider Electric EcoStruxure Foxboro DCS Advisor are affected:
- EcoStruxure™ Foxboro DCS Advisor services ()
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 9.8 | Schneider Electric | Schneider Electric EcoStruxure Foxboro DCS Advisor | Deserialization of Untrusted Data |
Background
- Critical Infrastructure Sectors: Critical Manufacturing, Energy
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: France
Vulnerabilities
CVE-2025-59287
A vulnerability disclosed by Microsoft in the Microsoft Windows Server Update Services (WSUS) application impacts servers running Schneider Electric EcoStruxure™ Foxboro DCS Advisor. CVE ID: CVE-2025-59287. Additional information about CVE-2025-59287can be found here: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59287
Affected Products
Schneider Electric EcoStruxure Foxboro DCS Advisor
Content was cut in order to protect the source.Please visit the source for the rest of the article.Read the original article: