Schneider Electric EcoStruxure Foxboro DCS

p a href= https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-083-02.json strong View CSAF /strong /a /p h2 Summary /h2 p strong Schneider Electric is aware of a vulnerability in its EcoStruxure Foxboro DCS Control Software on Foxboro DCS workstations and servers. Control Core Services and all runtime software, like FCPs, FDCs, and FBMs, are not affected. The EcoStruxure Foxboro DCS ([https://www.se.com/ww/en/product-range/63680-ecostruxure-foxboro-dcs/](https://www.se.com/ww/en/product-range/63680-ecostruxure-foxboro-dcs/)) product is an innovative family of fault-tolerant, highly available control components, which consolidates critical information and elevates staff capabilities to ensure flawless, continuous plant operation. Failure to apply the remediation provided below may risk deserialization of untrusted data, which could result in loss of confidentiality, integrity and potential remote code execution on the compromised workstation. /strong /p p The following versions of Schneider Electric EcoStruxure Foxboro DCS are affected: /p ul li EcoStruxure Foxboro DCS vers:generic/ /li /ul div class= csaf-table table class= tablesaw tablesaw-stack data-tablesaw-mode= stack data-tablesaw-minimap thead tr th role= columnheader data-tablesaw-priority= persist CVSS /th th role= columnheader Vendor /th th role= columnheader Equipment /th th role= columnheader Vulnerabilities /th /tr /thead tbody tr td v3 6.5 /td td Schneider Electric /td td Schneider Electric EcoStruxure Foxboro DCS /td td Deserialization of Untrusted Data /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Commercial Facilities, Critical Manufacturing, Energy /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong France /li /ul hr h2 Vulnerabilities /h2 div class= csaf-accordion p a class= csaf-accordion-toggle-all href= # Expand All + /a /p div class= csaf-accordion-item h3 a class= csaf-accordion-toggle href= # CVE-2026-1286 /a /h3 div class= csaf-accordion-content p A deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when an admin authenticated user opens a malicious project file. /p p a href= https://www.cve.org/CVERecord?id=CVE-2026-1286 View CVE Details /a /p hr h4 Affected Products /h4 h5 Schneider Electric EcoStruxure Foxboro DCS /h5 div class= ics-vendor-version-status div class= ics-vendor strong Vendor: /strong br Schneider Electric /div div class= ics-version strong Product Version: /strong br EcoStruxure Foxboro DCS versions prior to CS8.1 /div div class= ics-status strong Product Status: /strong br fixed, known_affected /div /div div class= ics-remediations h6 Remediations /h6 p strong Vendor fix /strong br Version CS 8.1 of EcoStruxure Foxboro DCS includes a fix for this vulnerability and is available through [https://buyautomation.se