CVE-2026-1286
Deserialization Vulnerability in Workstation Allows Remote Code Execution
Publication date: 2026-03-10
Last updated on: 2026-03-10
Assigner: Schneider Electric SE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| schneider_electric | ecostruxure_foxboro_dcs | to CS8.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2026-1286 is a vulnerability in Schneider Electric's EcoStruxureβ’ Foxboro DCS product involving CWE-502, which is the deserialization of untrusted data. This vulnerability occurs when an authenticated administrator opens a malicious project file, potentially allowing loss of confidentiality, integrity, and enabling remote code execution on the affected workstation."}] [1]
How can this vulnerability impact me? :
This vulnerability can lead to serious impacts including loss of confidentiality and integrity of data, as well as potential remote code execution on the workstation of an authenticated administrator. This means an attacker could execute arbitrary code with high privileges, potentially compromising the control system and affecting its availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for the opening of malicious project files by authenticated administrator users on workstations running affected versions of EcoStruxureβ’ Foxboro DCS prior to CS8.1.
While specific commands are not provided in the available resources, general detection methods include verifying the integrity of project files via hashing and monitoring file access logs for unusual activity involving project files.
Network detection can be enhanced by isolating control networks behind firewalls and scanning removable media before use.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the patch provided in version CS8.1 of EcoStruxureβ’ Foxboro DCS, which fixes the vulnerability. A system reboot is required after patching.
- Only open project files from trusted sources.
- Verify the integrity of project files using hashing techniques.
- Encrypt project files and restrict access to authorized users.
- Use secure communication protocols for transferring project files.
- Isolate control networks behind firewalls and restrict physical access to controllers.
- Avoid network connections outside intended networks and scan removable media before use.
- Use secure remote access methods such as VPNs with up-to-date software.