Schneider Electric EcoStruxure Automation Expert
Summary
Schneider Electric has identified a critical vulnerability, CVE-2026-2273, in its EcoStruxure Automation Expert software. This flaw, a 'Code Injection' vulnerability, could allow an authenticated user to execute arbitrary commands on an engineering workstation by opening a malicious project file. This may lead to compromise of the workstation and, subsequently, of system availability, integrity, and confidentiality.
IFF Assessment
The vulnerability allows for code injection and potential system compromise, posing a significant risk to industrial control systems.
Severity
Defender Context
This vulnerability affects critical infrastructure sectors like manufacturing and energy, highlighting the importance of patching industrial control systems promptly. Defenders should monitor for any unauthorized command execution attempts on Schneider Electric EcoStruxure workstations and ensure affected systems are updated to version 25.0.1 or later.