Schneider Electric EcoStruxure Foxboro DCS (Update A)
Monitor · CVSS 6.5 · ICS-CERT ICSA-26-020-01 · Dec 9, 2025
Schneider Electric · Energy
Attack path
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Schneider Electric EcoStruxure Foxboro DCS contains a vulnerability disclosed by Intel affecting the Virtualization Server V91, Standard Workstation H92, and Server H90. An authenticated user with local access could exploit a side-channel information disclosure vulnerability to access system functionality or cause loss of system functionality.
What this means
What could happen
An authenticated user with local console access could read sensitive system information or gain unauthorized access to critical DCS functions, potentially disrupting plant operations or enabling unauthorized process control.
Who's at risk
Schneider Electric EcoStruxure Foxboro DCS customers operating critical process automation systems in energy and chemical plants. This affects three product lines: Virtualization Server V91, Standard Workstation H92, and Server H90. Any facility running these legacy Foxboro DCS versions is at risk.
How it could be exploited
An attacker with a valid user account and physical or local console access to the affected Foxboro DCS server or workstation could exploit a side-channel vulnerability in the processor to read privileged system data or functions without proper authorization.
Prerequisites
- Valid authenticated user account on the DCS system
- Local console access or physical access to the affected server/workstation
- User-level privileges (administrator credentials not required)
Risk factors
- Requires authenticated access
- Requires local access
- Processor-level side-channel vulnerability
- Affects safety-critical DCS systems
- No patch available for legacy hardware (upgrade required)
Exploitability
Unlikely to be exploited — EPSS score 0.6%
Affected products (3)
3 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| EcoStruxure™ Foxboro DCS Virtualization Server V91 | All versions | EcoStruxure™ Foxboro DCS Virtualization Server |
| EcoStruxure™ Foxboro DCS Standard Workstation H92 | All versions | EcoStruxure™ Foxboro DCS Standard Workstation |
| EcoStruxure™ Foxboro DCS Server H90 | All versions | EcoStruxure™ Foxboro DCS Server |
Remediation & Mitigation
Do now
- HARDENING: Restrict physical and remote console access to DCS servers and workstations to authorized personnel only
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
- HOTFIX: Upgrade Virtualization Server V91 to V95 hardware
- HOTFIX: Upgrade Standard Workstation H92 to Dell D96 hardware
- HOTFIX: Upgrade Server H90 to H94 hardware
- HOTFIX: Apply latest BIOS updates to all Foxboro DCS servers and workstations
- HOTFIX: Apply all available OS security patches to Foxboro DCS systems
Long-term hardening
- HARDENING: Implement defense-in-depth security architecture controls as specified in Schneider Electric security recommendations (document B0700)
CVEs (1)