PatchSiren cyber security CVE debrief
CVE-2026-2273 Schneider Electric CVE debrief
CVE-2026-2273 is a Schneider Electric EcoStruxure Automation Expert code-injection issue that can run untrusted commands on an engineering workstation when an authenticated user opens a malicious project file. The vendor says this can cause a limited compromise of the workstation and downstream confidentiality, integrity, and availability impact on connected systems. Schneider Electric states that version v25.0.1 contains the fix and provides mitigations for customers who cannot patch immediately.
- Vendor
- Schneider Electric
- Product
- EcoStruxureâ„¢ Automation Expert
- CVSS
- HIGH 8.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-03-10
- Original CVE updated
- 2026-03-19
- Advisory published
- 2026-03-10
- Advisory updated
- 2026-03-19
Who should care
OT/ICS teams, control engineers, and administrators responsible for Schneider Electric EcoStruxure Automation Expert engineering workstations, especially in shared or multi-user Windows environments.
Technical summary
The advisory classifies the issue as CWE-94 and ties exploitation to opening a malicious solution or archive/project file as an authenticated user. In affected versions before v25.0.1, that file interaction can trigger execution of untrusted commands on the engineering workstation, with possible impact to the workstation and subsequent systems.
Defensive priority
High priority: patch engineering workstations before continuing routine file-sharing or project-import workflows, because exploitation is user-interaction-dependent but can affect both the workstation and connected systems.
Recommended defensive actions
- Upgrade EcoStruxure Automation Expert to v25.0.1, which the vendor says includes the fix.
- If you cannot patch immediately, store solution and archive files in the user's home directory or another Windows location protected by restrictive file-system access controls.
- Apply restrictive Windows permissions to any shared or non-home directories that hold solution or archive files.
- Verify the authenticity and integrity of any solution or archive file before opening it, especially in multi-user environments.
- Review OT engineering workstation access and limit who can place or modify project files in shared locations.
Evidence notes
CISA advisory ICSA-26-078-03 for CVE-2026-2273 was published on 2026-03-10 and republished on 2026-03-19 as a republication of Schneider Electric advisory SEVD-2026-069-04. The source explicitly identifies CWE-94, describes command execution on the engineering workstation after an authenticated user opens a malicious project file, and states that v25.0.1 contains the fix. The advisory also includes mitigation guidance focused on file location controls, Windows permissions, and authenticity checks.
Official resources
-
CVE-2026-2273 CVE record
CVE.org
-
CVE-2026-2273 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CVE-2026-2273 was published on 2026-03-10 and modified on 2026-03-19; CISA republished the Schneider Electric advisory on 2026-03-19.