QwikSec

Security Database

CVE

CWE

Training

CVE-2026-2273

Published: Mar 10, 2026

Modified: Mar 10, 2026

PUBLISHED

Description

CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exist that could cause execution of untrusted commands on the engineering workstation which could result in a limited compromise of the workstation and a potential loss of Confidentiality, Integrity and Availability of the subsequent system when an authenticated user opens a malicious project file.

Vendor	Product	Versions
Schneider Electric	EcoStruxure™ Automation Expert	affected `Versions prior to v25.0.1`

Weaknesses (CWE)

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-069-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-069-04.pdf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.