EcoStruxure™ Foxboro DCS Advisor
Act Now | Score: 9.8 | SEVD-2025-343-02 | Dec 9, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A vulnerability exists in Microsoft Windows Server WSUS used by EcoStruxure Foxboro DCS Advisor services. The DCS Advisor is an optional component that enables remote connectivity, diagnostics, and continuous monitoring of key performance indicators (KPI) on I/A Series or Control Software systems. The vulnerability allows remote code execution with system-level privileges without authentication. Affected versions: Microsoft Windows Server 2016 (all versions prior to KB5070882) and Windows Server 2022 (all versions prior to KB5070884).
What this means
What could happen
An attacker could execute arbitrary code with system-level privileges on the DCS Advisor server, allowing them to compromise the entire distributed control system monitoring and diagnostics capability, disrupt process data collection, or pivot to connected control networks.
Who's at risk
Energy utilities and manufacturing plants running EcoStruxure Foxboro DCS systems, especially those using the optional DCS Advisor component for remote connectivity, KPI monitoring, and diagnostics on I/A Series or Control Software systems. Any Windows Server 2016 or 2022 hosting DCS Advisor is affected.
How it could be exploited
An attacker with network access to the Foxboro DCS Advisor service exploits a Windows Server WSUS vulnerability (CWE-502, unsafe deserialization) to execute code remotely without authentication. The vulnerability exists in the WSUS component used by the DCS Advisor services for update distribution and monitoring.
Prerequisites
- Network access to EcoStruxure Foxboro DCS Advisor services
- Unpatched Windows Server 2016 (before KB5070882) or Windows Server 2022 (before KB5070884)
- DCS Advisor services running and accessible
Tags: remotely exploitable; no authentication required; low complexity; actively exploited (KEV); high EPSS score (68.4%); affects DCS monitoring and diagnostics; system-level code execution
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status | Component
Microsoft Windows Server 2016 | <10.0.14393.8524 (all versions) | Fix available | EcoStruxure™ Foxboro DCS Advisor services
Microsoft Windows Server 2022 | <10.0.20348.4297 (all versions) | Fix available | EcoStruxure™ Foxboro DCS Advisor services
Remediation & Mitigation
Do now
HOTFIX: Apply Microsoft patch KB5070882 for Windows Server 2016 and test in a non-production environment before rolling to DCS servers
HOTFIX: Apply Microsoft patch KB5070884 for Windows Server 2022 and test in a non-production environment before rolling to DCS servers
HOTFIX: Plan reboot windows during low-demand periods; coordinate with operations to minimize process interruption
HOTFIX: Contact Schneider Electric Global Customer Support to verify patch application and obtain deployment guidance specific to your DCS configuration
HARDENING: Restrict network access to DCS Advisor services to authorized engineering and monitoring stations only; implement firewall rules to limit service exposure
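As an added example (not part of the Schneider Electric advisory and not vendor-supplied tooling), the PowerShell below does two things a DCS administrator would want when working through the items above: it verifies that a Windows Server 2016/2022 host is at or above the fixed build listed in this advisory (10.0.14393.8524 / 10.0.20348.4297, KB5070882 / KB5070884), and it creates an inbound firewall rule that limits the WSUS listener to an explicit list of engineering stations. The KB numbers and fixed builds come from the advisory; the function names, the WSUS ports (8530/8531 are the WSUS defaults and must be adjusted to your deployment), and the sample station list are assumptions of this example.

```powershell
# Added example, not from the advisory. Run elevated on the DCS Advisor host.
# Fixed builds / KB numbers are taken from SEVD-2025-343-02; all else is assumed.

# Map "major.minor.build" -> fixed UBR and the KB that introduces it.
$script:FixedBuilds = @{
    '10.0.14393' = @{ Kb = 'KB5070882'; Ubr = 8524 }   # Windows Server 2016
    '10.0.20348' = @{ Kb = 'KB5070884'; Ubr = 4297 }   # Windows Server 2022
}

function Test-DcsAdvisorHostPatched {
    # Returns an object describing whether this host meets the fixed build.
    # The build is read from the registry (CurrentBuild + UBR) rather than
    # relying only on Get-HotFix: a later cumulative update supersedes the
    # listed KB, so the KB itself may never appear in the hotfix list even
    # though the host is already past the fixed build.
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $base  = '{0}.{1}.{2}' -f $cv.CurrentMajorVersionNumber, $cv.CurrentMinorVersionNumber, $cv.CurrentBuild
    $ubr   = [int]$cv.UBR
    $full  = "$base.$ubr"

    if (-not $script:FixedBuilds.ContainsKey($base)) {
        return [pscustomobject]@{
            Build = $full; RequiredKb = $null; Patched = $null
            Note  = 'OS build not covered by this advisory (only Server 2016 / 2022 are listed)'
        }
    }

    $entry   = $script:FixedBuilds[$base]
    $hotfix  = Get-HotFix -Id $entry.Kb -ErrorAction SilentlyContinue
    $patched = ($ubr -ge $entry.Ubr) -or ($null -ne $hotfix)

    [pscustomobject]@{
        Build      = $full
        RequiredKb = $entry.Kb
        FixedBuild = "$base.$($entry.Ubr)"
        KbListed   = [bool]$hotfix
        Patched    = $patched
        Note       = if ($patched) { 'At or above fixed build' } else { 'Below fixed build: apply the KB and reboot' }
    }
}

function Limit-DcsAdvisorInbound {
    # Creates an inbound allow rule for the WSUS ports scoped to the given
    # stations and makes sure the profile default is to block other inbound
    # traffic. Windows Firewall evaluates Block rules before Allow rules, so a
    # scoped Allow plus a Block default is the pattern that actually restricts
    # exposure; a broad Block rule would override the Allow.
    param(
        [Parameter(Mandatory)] [string[]] $AllowedStations,   # e.g. '10.10.20.0/24', '10.10.30.15'
        [int[]] $Ports = @(8530, 8531)                         # assumed WSUS defaults; adjust
    )
    $name = 'DCS Advisor - WSUS from engineering stations only'
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
        Remove-NetFirewallRule -DisplayName $name
    }
    New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol TCP `
        -LocalPort $Ports -RemoteAddress $AllowedStations -Action Allow -Profile Any | Out-Null
    Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultInboundAction Block
    Get-NetFirewallRule -DisplayName $name |
        Get-NetFirewallAddressFilter | Select-Object RemoteAddress
}

# Usage (sample station subnet is constructed for the example):
Test-DcsAdvisorHostPatched | Format-List
# Limit-DcsAdvisorInbound -AllowedStations '10.10.20.0/24', '10.10.30.15'
```

Run the patch check before and after the reboot window: a host that reports Patched = $false after installation usually has the update staged but not yet applied, which is exactly the state the "plan reboot windows" item above is meant to close. Treat the firewall function as a starting point; the allowed-station list should come from your network documentation, and the rule should be tested against a non-production DCS Advisor instance first, as the advisory recommends for the patches themselves.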
CVEs (1)
API:
/api/v1/advisories/171f1f8a-6418-4a4f-aef5-567b69ef15ef