Schneider Electric EcoStruxure Foxboro DCS (Update A)
Monitor · 6.5 · ICS-CERT ICSA-26-020-01 · Dec 9, 2025
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Schneider Electric has disclosed a vulnerability in EcoStruxure Foxboro DCS products that stems from Intel CPU side-channel weaknesses (such as speculative execution vulnerabilities). The vulnerability allows an authenticated user with local access to potentially read sensitive information from system memory via side-channel attacks, which could result in unauthorized access to system functions or loss of system functionality. Affected products include EcoStruxure Foxboro DCS Virtualization Server V91 (all versions), Standard Workstation H92 (all versions), and Server H90 (all versions).
What this means
What could happen
An authenticated user with local access could exploit a side-channel vulnerability in older hardware to read sensitive information from system memory, potentially exposing control logic, credentials, or system configuration. This could enable unauthorized access to critical DCS functions or plant operations.
Who's at risk
Energy sector operators running Schneider Electric EcoStruxure Foxboro DCS systems should assess their hardware inventory. This affects older DCS servers (V91 and earlier), standard workstations (H92 and earlier), and virtualization servers. Sites with legacy Foxboro Evo or I/A Series systems are also impacted. The vulnerability requires local or direct network access, so it primarily affects users with access to engineering workstations or control room terminals.
How it could be exploited
An attacker with valid credentials and physical or local network access to an EcoStruxure Foxboro DCS server or workstation could execute code that exploits an Intel CPU side-channel vulnerability (such as speculative execution) to read privileged information from system memory without having direct authorization to access it.
Prerequisites
- Valid user account credentials to log in to the affected DCS component
- Local or direct network access to the Foxboro server or workstation (not remotely exploitable over the internet)
- Ability to run code or commands on the affected system
Authenticated access required · Local access required (not remotely exploitable) · Affects critical control systems · Side-channel attack (requires specialized technical knowledge) · No patch available for affected versions (hardware upgrade required) · Older hardware more vulnerable to side-channel exploitation
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (3)
3 with fix
Product | Affected Versions | Fix Status
EcoStruxure™ Foxboro DCS Virtualization Server V91 | All versions | EcoStruxure™ Foxboro DCS Virtualization Server
EcoStruxure™ Foxboro DCS Standard Workstation H92 | All versions | EcoStruxure™ Foxboro DCS Standard Workstation
EcoStruxure™ Foxboro DCS Server H90 | All versions | EcoStruxure™ Foxboro DCS Server
Remediation & Mitigation
Do now
- HARDENING: Restrict physical and local network access to DCS servers and workstations to authorized personnel only
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Upgrade EcoStruxure Foxboro DCS Virtualization Server to V95 or newer hardware
- HOTFIX: Upgrade EcoStruxure Foxboro DCS Standard Workstation to H94 or upgrade to Dell D96 workstations
- HOTFIX: Upgrade EcoStruxure Foxboro DCS Server to H94 or newer hardware
- HOTFIX: Apply latest BIOS and OS security patches to existing servers and workstations to reduce exploit risk
Long-term hardening
- HARDENING: Implement defense-in-depth security architecture per Schneider Electric General Security Recommendations (reference b0700hz_f.pdf)
CVEs (1)