CVE-2026-2273
Code Injection in Engineering Workstation via Malicious Project File
Publication date: 2026-03-10
Last updated on: 2026-03-10
Assigner: Schneider Electric SE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| schneider_electric | ecostruxure_automation_expert | to 25.0.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-2273 is a high-severity code injection vulnerability (CWE-94) found in the EcoStruxureβ’ Automation Expert software. It allows an authenticated user who opens a malicious project file on the engineering workstation to execute arbitrary commands. This improper control of code generation can lead to a limited compromise of the workstation.
How can this vulnerability impact me? :
The vulnerability can result in a limited compromise of the engineering workstation, potentially causing loss of confidentiality, integrity, and availability of the broader system controlled by the software. This means unauthorized commands could be executed, leading to disruption or manipulation of industrial processes.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The provided resources do not include specific commands or detailed detection methods to identify this vulnerability on your network or system.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading to EcoStruxureβ’ Automation Expert version 25.0.1, which contains a fix for this vulnerability.
If patching is not immediately possible, store solution and archive files only within the userβs home directory or locations secured by strict Windows file-system access controls to prevent unauthorized access in multi-user environments.
Verify the authenticity and integrity of any solution or archive files before opening them.
Follow general cybersecurity best practices such as isolating control and safety system networks behind firewalls, restricting physical access to industrial control systems, securing controllers in locked cabinets, avoiding network connections for programming software outside intended networks, scanning removable media before use, minimizing network exposure, and using secure remote access methods like VPNs with up-to-date software.