Schneider Electric's EcoStruxure™ Automation Expert software is vulnerable to a code injection attack (CVE-2026-2273), which can allow an authenticated user to execute arbitrary commands on the engineering workstation by opening a malicious project file. This vulnerability affects versions prior to v25.0.1 and could lead to full system compromise, impacting confidentiality, integrity, and availability. The code injection flaw arises from improper control of how code is generated or executed within the software environment. Engineers and sysadmins must apply the provided remediation steps immediately to prevent exploitation in both homelab and production environments.
- Affected product: Schneider Electric EcoStruxure™ Automation Expert (versions prior to v25.0.1)
- Upgrade Schneider Electric EcoStruxure™ Automation Expert to version v25.0.1 or later, available at https://www.se.com/ww/en/product-range/23643079-ecostruxure-automation-expert/
- Store all solution and archive files within the user’s home directory or in a location protected by appropriate Windows file-system access controls.
- Before opening any solution or archive file, verify its integrity (for example, by comparing its hash against a known-good value) using the solution-integrity procedure documented at https://product-help.se.com/EcoStruxure%20Automation%20Expert/25.0/Offer%20Guides/en-US/EAE_UM?t=EAE_UM%2FSolutionIntegrity-FE037ED3.html%3Frhhlterm%3Dundefined%253Frhsearch%253Dundefined&theme=Help
- Implement strict access controls and regularly review user permissions to minimize the risk of unauthorized code execution.
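The file-handling mitigations above (keep solution files in a protected location, confirm their integrity before opening) combined into one pre-open check, written here as an added PowerShell example; this is not Schneider Electric's tooling, and the manifest format (one "<sha256hex>  <filename>" line per file) and the list of approved root folders are assumptions.

```powershell
# Added example (not Schneider Electric's code): pre-open checks for an EcoStruxure
# Automation Expert solution/archive file, mirroring the advisory's mitigations:
#   1. the file must sit under the user's profile or an approved protected folder,
#   2. its ACL must not grant write/modify rights to broad groups (Everyone, Users, ...),
#   3. its SHA-256 must match a known-good manifest entry.
# Assumption: manifest lines look like "<sha256hex>  <filename>" (constructed format).
param(
    [Parameter(Mandatory)][string]$Path,
    [Parameter(Mandatory)][string]$ManifestPath,
    [string[]]$ApprovedRoots = @($env:USERPROFILE)   # add a locked-down share here if used
)

$full = [System.IO.Path]::GetFullPath($Path)
if (-not (Test-Path -LiteralPath $full -PathType Leaf)) { throw "File not found: $full" }

# 1. Location check: reject files outside the approved, access-controlled roots.
$inApproved = $ApprovedRoots | Where-Object {
    $root = ([System.IO.Path]::GetFullPath($_)).TrimEnd('\') + '\'
    $full.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)
}
if (-not $inApproved) { throw "Refusing: '$full' is outside the approved locations." }

# 2. ACL check: broad groups must not be able to replace or modify the file.
$broadGroups = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl'
foreach ($ace in (Get-Acl -LiteralPath $full).Access) {
    if ($ace.AccessControlType -eq 'Allow' -and
        $broadGroups -contains $ace.IdentityReference.Value -and
        (([int]$ace.FileSystemRights) -band $writeMask) -ne 0) {
        throw "Refusing: $($ace.IdentityReference) can modify '$full'."
    }
}

# 3. Integrity check: compare SHA-256 against the manifest entry for this file name.
$name = [System.IO.Path]::GetFileName($full)
$expected = Get-Content -LiteralPath $ManifestPath | ForEach-Object {
    if ($_ -match '^([0-9a-fA-F]{64})\s+(.+)$' -and $Matches[2].Trim() -eq $name) { $Matches[1] }
} | Select-Object -First 1
if (-not $expected) { throw "Refusing: no manifest entry for '$name'." }

$actual = (Get-FileHash -LiteralPath $full -Algorithm SHA256).Hash
if ($actual -ne $expected) {   # string -ne is case-insensitive, so hex case does not matter
    throw "Refusing: SHA-256 mismatch for '$name' (expected $expected, got $actual)."
}
Write-Output "OK: '$full' passed location, ACL and integrity checks; safe to open."
```

Run it against the file before launching EcoStruxure Automation Expert; any thrown error means the file should not be opened until its origin and contents have been confirmed.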
This vulnerability specifically affects Schneider Electric EcoStruxure™ Automation Expert users running versions prior to v25.0.1. The engineering workstation can be compromised when a malicious project file is opened, which in turn may affect any connected industrial control systems or processes configured within the software.