Code Injection Vulnerability in Schneider Electric Engineering Workstation
CVE-2026-2273

7.2HIGH

Key Information:

Vendor: Schneider Electric
Status: Ecostruxure™ Automation Expert
Vendor: CVE Published:; 10 March 2026

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2026-2273?

A code injection vulnerability exists in Schneider Electric's Engineering Workstation that allows an authenticated user to execute untrusted commands. This occurs when a malicious project file is opened, potentially leading to limited compromise of the workstation's security. The exploitation of this vulnerability could affect the confidentiality, integrity, and availability of the system, necessitating immediate attention and remediation measures.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

EcoStruxure™ Automation Expert Versions prior to v25.0.1

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V4

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Mar 10, 2026
Vulnerability Reserved
Feb 10, 2026

JSON

Schneider Electric