Code Injection Vulnerability in Schneider Electric Engineering Workstation
CVE-2026-2273

7.2HIGH

Key Information:

Vendor: Schneider Electric
Status: Ecostruxure™ Automation Expert
Vendor: CVE Published:; 10 March 2026

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2026-2273?

A code injection vulnerability exists in Schneider Electric's Engineering Workstation that allows an authenticated user to execute untrusted commands. This occurs when a malicious project file is opened, potentially leading to limited compromise of the workstation's security. The exploitation of this vulnerability could affect the confidentiality, integrity, and availability of the system, necessitating immediate attention and remediation measures.

Affected Version(s)

EcoStruxure™ Automation Expert Versions prior to v25.0.1

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V4

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2026
Vulnerability Reserved
Feb 10, 2026

CVE-2026-2273 Data

JSON