Deserialization Vulnerability in Schneider Electric's Workstation Product
CVE-2026-1286

7HIGH

Key Information:

Vendor

Schneider Electric
Status
Ecostruxure™ Foxboro Dcs
Vendor
CVE Published:
10 March 2026

What is CVE-2026-1286?

A vulnerability exists in Schneider Electric's Workstation that allows deserialization of untrusted data. When an authenticated admin user opens a malicious project file, this could potentially lead to a loss of confidentiality and integrity, and it may enable remote code execution. This security risk emphasizes the importance of validating and sanitizing input data within software applications to protect against such attacks.

Affected Version(s)

EcoStruxure™ Foxboro DCS Versions prior to CS8.1

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V4

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.