Infrastructure Briefing — jSerialComm search-path flaws expose EcoStruxure IT Gateway operators
CISA’s ICSA-20-126-01 bulletin explains how Fazecast’s jSerialComm library and Schneider Electric’s EcoStruxure IT Gateway inherit an uncontrolled search path, letting unsigned DLLs execute as soon as technicians connect to serial equipment.
Executive briefing: jSerialComm provides serial connectivity for Java-based OT dashboards and Schneider’s EcoStruxure IT Gateway, but ICSA-20-126-01 confirms the library trusts whatever DLL sits in its search path. An unauthenticated attacker who drops a malicious DLL with the right name can hijack the gateway or the Windows server hosting the software.
Containment checklist
- Upgrade both upstream components. Patch jSerialComm to 2.3+ and EcoStruxure IT Gateway to 1.8.1+ in the same change window so the runtime actually loads the signed binaries the vendors published.
- Restrict write access around the service. Remove local admin privileges from operators, keep antivirus and EDR watching the program directories, and ensure only signed DLLs can land in the jSerialComm path.
- Harden serial jump hosts. Treat the workstations and gateways as critical OT assets—enforce MFA for console access, keep them off the corporate domain, and monitor for unexpected DLL loads.
Response and assurance
- Scan for rogue DLLs. Use file integrity monitoring to detect unapproved libraries under EcoStruxure IT Gateway and any other product bundling jSerialComm.
- Log service execution. Capture Windows process creation events and Java stack traces from the gateway so SOC teams can tie suspicious DLL loads back to a specific maintenance session.
- Update supplier questionnaires. Ask vendors whether they embed jSerialComm or similar serial middleware and require proof that the latest library release is in their SBOM.
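One way to run the rogue-DLL scan described above, as an added example that is not code from CISA, Fazecast, or Schneider Electric. It compares every DLL found in a list of directories against an approved name-to-SHA-256 baseline and flags unknown names and same-name look-alikes. The directory layout, the file names such as `serial_native.dll`, and the baseline contents are hypothetical and constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path):
    """Stream the file so large native libraries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def audit_dlls(search_dirs, approved):
    """Return (status, path) findings for DLLs that do not match the baseline.

    approved maps a lowercase DLL file name to the set of SHA-256 digests
    accepted for it. Directories are walked in the order given.
    """
    findings = []
    for directory in search_dirs:
        for path in sorted(Path(directory).rglob("*")):
            if not path.is_file() or path.suffix.lower() != ".dll":
                continue
            allowed = approved.get(path.name.lower())
            if allowed is None:
                findings.append(("UNAPPROVED_NAME", path))
            elif sha256_of(path) not in allowed:
                # Trusted name, different content: what a planted DLL
                # sitting in the search path looks like.
                findings.append(("HASH_MISMATCH", path))
    return findings

def build_demo_tree(root):
    """Constructed sample: install dir with the approved DLL, writable dir with a look-alike."""
    install, writable = Path(root, "install"), Path(root, "writable")
    install.mkdir()
    writable.mkdir()
    good = b"constructed vendor library bytes"
    (install / "serial_native.dll").write_bytes(good)            # hypothetical name
    (writable / "Serial_Native.DLL").write_bytes(b"constructed look-alike bytes")
    (writable / "helper.dll").write_bytes(b"constructed unknown library")
    (writable / "notes.txt").write_bytes(b"ignored: not a DLL")
    approved = {"serial_native.dll": {hashlib.sha256(good).hexdigest()}}
    return [writable, install], approved

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        dirs, baseline = build_demo_tree(tmp)
        for status, path in audit_dlls(dirs, baseline):
            print(f"{status:16} {path}")
```

In production the baseline would be built from the vendor's released files at install time and stored where the audited host cannot modify it.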
Source excerpts
Primary — arbitrary code risk: “Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code on a targeted system.”
CISA — ICSA-20-126-01
Primary — vendor guidance: “Fazecast, Inc., recommends users update jSerialComm to Version 2.3 or later … Schneider Electric recommends users upgrade EcoStruxure IT Gateway to Version 1.8.1 or later.”
CISA — ICSA-20-126-01




