OTPulse

Deserialization of Untrusted Data vulnerability on EcoStruxure™ Foxboro DCS

Monitor 6.5 | SEVD-2026-069-03 | Mar 10, 2026
Attack Vector: Local
Auth Required: High
Complexity: Low
User Interaction: Required
Summary

EcoStruxure™ Foxboro DCS (versions earlier than CS8.1) contains a deserialization vulnerability in the Control Software running on DCS workstations and servers. The vulnerability occurs when the application deserializes untrusted data without proper validation. An authenticated user with high privileges could exploit this to execute arbitrary code on the affected workstation, potentially compromising system integrity and confidentiality. The runtime field controllers (FCP, FDC, FBM) and Control Core Services are not affected.

What this means
What could happen
An attacker with local access and high privileges on a Foxboro DCS workstation or server could execute arbitrary code by sending specially crafted serialized data, compromising the engineering workstation and potentially gaining access to control system configuration or logic.
Who's at risk
Energy sector utilities operating Foxboro DCS control systems should prioritize this issue. Affected systems are engineering workstations and control system servers running Foxboro DCS (not the runtime controllers like FCP, FDC, or FBM). This impacts organizations that use Foxboro DCS for distributed process automation and supervisory control in power generation, substations, or critical infrastructure operations.
How it could be exploited
An attacker with administrative or engineering-level privileges could craft malicious serialized data objects and provide them to the Foxboro DCS workstation (via file upload, clipboard, or application input). When the application deserializes this data without validation, the attacker's code executes in the context of the workstation process.
Prerequisites
  • Local or network access to Foxboro DCS workstation or server
  • High-privilege user credentials (administrative or engineering account)
  • User interaction to load/process the malicious serialized data
  • Foxboro DCS version earlier than CS8.1
  • Requires high-privilege credentials
  • User interaction required
  • Local/workstation-level impact
  • Low EPSS score (0.3%)
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product: EcoStruxure™ Foxboro DCS
Affected Versions: < CS8.1
Fix Status: CS8.1
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update EcoStruxure™ Foxboro DCS to version CS8.1 or later.
HOTFIX: Coordinate the upgrade with a Field Service Representative or Technical Service Consultant to plan the reboot window and determine whether an online upgrade is possible for your configuration.
Long-term hardening
HARDENING: Restrict local and network access to Foxboro DCS workstations and servers to authorized engineering personnel only.
HARDENING: Implement strong access controls and monitor privileged user activity on engineering workstations.