Schneider Electric EcoStruxure Foxboro DCS (Update A)

CVSS 6.5 MEDIUM

CVEs (1)

CVE-2018-12130

The recommendation is to upgrade to latest Foxboro server (V95, H94) and workstations (Dell D96): Please contact your local Service Representative or Schneider Electric Process Automation Global Customer Support Center for information on how to migrate to new hardware.https://pasupport.schneider-electric.com/home2020.asp?code=i1swrtYD1O7YcWYkLo5iZJHxEEY9U-agDBBtcLSP7EXks
If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit: The BIOS, OS security patches are applied to significantly reduce the exploit possibility. Additional information is available here: https://se.my.site.com/PAkb/s/article/KA000127385 Several layers of defense-in-depth mechanisms available in the recommended security architecture of DCS system, including the computers themselves, and by following the General Security Recommendations specified below mitigate this vulnerability. https://pasupport.schneider-electric.com/Content/Documents/IASeries/b0700_lastrev/b0700hz_f.pdf

Intel Schneider Electric

Commercial Facilities, Critical Manufacturing, Energy

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.