PatchSiren cyber security CVE debrief
CVE-2026-1226 Schneider Electric CVE debrief
CVE-2026-1226 is a high-severity Schneider Electric EcoStruxure Building Operation issue where maliciously crafted TGML graphics content can cause the application to execute untrusted or unintended code. The advisory identifies vendor fixes for specific Workstation and WebStation releases and recommends access controls, MFA for EBO 7.0 or later, network segmentation, and monitoring if patching is delayed.
- Vendor
- Schneider Electric
- Product
- EcoStruxure Building Operation Workstation
- CVSS
- HIGH 7.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-10
- Original CVE updated
- 2026-02-24
- Advisory published
- 2026-02-10
- Advisory updated
- 2026-02-24
Who should care
OT/ICS defenders, building automation administrators, and asset owners running Schneider Electric EcoStruxure Building Operation Workstation or WebStation, especially environments that process TGML graphics files or allow users to import and manage design content.
Technical summary
According to the CISA-corroborated Schneider Electric advisory, the flaw is an improper control of code generation in EcoStruxure Building Operation Workstation and WebStation. When maliciously crafted design content is processed through a TGML graphics file, the application may execute untrusted or unintended code. The supplied CVSS context indicates local attack conditions with low privileges and user interaction required, but with high confidentiality, integrity, and availability impact.
Defensive priority
High. Apply the vendor fixes as soon as practical, especially where TGML graphics files are handled by production or remotely accessible EBO systems. If immediate patching is not possible, reduce exposure with strict access control, segmentation, MFA where supported, and active monitoring.
Recommended defensive actions
- Upgrade to the vendor-fixed release for your branch: EcoStruxure Building Operation Workstation/WebStation 7.0.2 or later for the 7.0 line, and 6.0.4.7000 (CP5) or later for the 6.0 line, following Schneider Electric's安装
- Download and follow the installation instructions from Schneider Electric's EBO Patch v7.0 or EBO Patch v6.0 package, as applicable to your deployment.
- Restrict system access to authorized personnel only and review user roles and permissions for EBO management interfaces.
- Use multi-factor authentication for EcoStruxure Building Operation version 7.0 or later.
- Segment building management networks with firewalls and limit reachability to workstation/webstation services.
- Monitor system activity for unexpected TGML processing, configuration changes, or other anomalous behavior.
- Follow Schneider Electric EBO hardening guidelines and the linked vendor advisory for additional mitigation details.
Evidence notes
This debrief is based only on the supplied CISA CSAF advisory item and its referenced Schneider Electric security notice. The source states the vulnerability, affected product family, fixed versions, and mitigation guidance. The advisory was originally published on 2026-02-10 and republished by CISA on 2026-02-24. No KEV listing was provided in the corpus.
Official resources
-
CVE-2026-1226 CVE record
CVE.org
-
CVE-2026-1226 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CVE-2026-1226 was published on 2026-02-10 and republished by CISA on 2026-02-24. Use the published date for vulnerability timing context; do not treat later processing or publication activity as the issue date.