Schneider Electric Engine Workstation Code Injection via Malicious Project File
CVE-2026-2273 Published on March 10, 2026

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of untrusted commands on the engineering workstation, which could result in a limited compromise of the workstation and a potential loss of Confidentiality, Integrity and Availability of the subsequent system when an authenticated user opens a malicious project file.

NVD

Weakness Type

What is a Code Injection Vulnerability?

The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVE-2026-2273 has been classified as a Code Injection vulnerability or weakness.


Affected Versions

Schneider Electric EcoStruxure™ Automation Expert versions prior to v25.0.1 are affected by CVE-2026-2273.