CVE-2026-2273: CWE-94 Improper Control of Generation of Code ('Code Injection') in Schneider Electric EcoStruxure™ Automation Expert
CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of untrusted commands on the engineering workstation, which could result in a limited compromise of the workstation and a potential loss of Confidentiality, Integrity and Availability of the subsequent system when an authenticated user opens a malicious project file.
AI Analysis
Technical Summary
CVE-2026-2273 is a vulnerability classified under CWE-94, indicating improper control over code generation that leads to code injection. This flaw exists in Schneider Electric's EcoStruxure™ Automation Expert software versions prior to 25.0.1. The vulnerability allows an authenticated user with low privileges to execute arbitrary commands on the engineering workstation by opening a specially crafted malicious project file. The attack vector requires user interaction (opening the file) but does not require elevated privileges or authentication beyond standard user access. The vulnerability can result in a limited compromise of the engineering workstation, potentially cascading to affect the confidentiality, integrity, and availability of the broader industrial control system managed by the software. The CVSS 4.0 base score is 7.2 (high), reflecting the local attack vector, low attack complexity, no need for authentication beyond low privileges, and significant impact on system components. Although no known exploits are currently reported in the wild, the nature of the vulnerability makes it a critical concern for industrial environments where EcoStruxure™ Automation Expert is deployed. The vulnerability highlights the risk of executing untrusted code embedded in project files, emphasizing the need for secure file handling and validation mechanisms within industrial automation software.
Potential Impact
The vulnerability could allow attackers to execute arbitrary code on engineering workstations, which are critical components in industrial automation environments. This can lead to unauthorized access, manipulation, or disruption of control systems, potentially causing operational downtime, safety hazards, or data breaches. The compromise of confidentiality could expose sensitive operational data, while integrity violations might result in unauthorized changes to control logic or configurations, leading to unsafe or inefficient system behavior. Availability impacts could disrupt industrial processes, causing financial losses and safety risks. Given the integration of EcoStruxure™ Automation Expert in critical infrastructure and manufacturing sectors worldwide, exploitation could have cascading effects on supply chains and industrial operations. The requirement for user interaction and authentication limits the ease of exploitation but does not eliminate the risk, especially in environments where users may inadvertently open malicious files. Organizations relying on this software face risks of targeted attacks, insider threats, or accidental compromise through social engineering.
Mitigation Recommendations
1. Immediately upgrade EcoStruxure™ Automation Expert to version 25.0.1 or later, where the vulnerability is patched.
2. Implement strict access controls to limit user privileges on engineering workstations, ensuring users operate with the least privilege necessary.
3. Enforce rigorous validation and scanning of project files before opening, including the use of endpoint security solutions capable of detecting malicious code injection attempts.
4. Educate users on the risks of opening untrusted project files and establish policies to verify file sources.
5. Employ network segmentation to isolate engineering workstations from broader corporate and operational networks, reducing potential lateral movement.
6. Monitor engineering workstations for unusual activity or command execution patterns indicative of exploitation attempts.
7. Maintain up-to-date backups of critical project files and configurations to enable recovery in case of compromise.
8. Consider application whitelisting or sandboxing techniques to restrict execution of unauthorized code on engineering workstations.
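Recommendation 6 above (monitor for command execution patterns on the workstation) can be turned into a concrete detection rule: the engineering application has no business launching a command interpreter or script host, so a process-creation event whose parent is that application and whose child is cmd.exe, powershell.exe, wscript.exe and the like is worth an alert. The script below is an added example, not code from the advisory or from Schneider Electric. It runs one such rule over constructed process-creation records (Sysmon event 1 / Windows 4688 style fields). The advisory does not name the product's executable, so `automation_expert_PLACEHOLDER.exe`, the `Vendor` install path and the helper and project file names are placeholders to be replaced with what is actually observed on your hosts.

```python
"""Flag command-interpreter launches whose parent is the engineering tool.

Added example, not from the advisory or the vendor. Parses constructed
process-creation events and applies one rule: the engineering application
must not spawn a shell or script host.
"""
import ntpath
from dataclasses import dataclass
from typing import Iterable, List

# PLACEHOLDER (assumption): the advisory does not name the executable of
# EcoStruxure Automation Expert; substitute the image name seen on your hosts.
ENGINEERING_TOOL_IMAGES = {"automation_expert_placeholder.exe"}

# Command interpreters and script hosts an engineering tool has no reason to launch.
INTERPRETER_IMAGES = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe",
}


@dataclass(frozen=True)
class ProcessEvent:
    timestamp: str
    user: str
    parent_image: str
    image: str
    command_line: str


def parse_event(line: str) -> ProcessEvent:
    """Parse one pipe-separated record: ts|user|parent_image|image|command_line.

    The command line may itself contain '|', so split at most four times.
    """
    parts = line.rstrip("\n").split("|", 4)
    if len(parts) != 5:
        raise ValueError(f"malformed record: {line!r}")
    return ProcessEvent(*parts)


def image_name(path: str) -> str:
    # ntpath handles Windows separators regardless of the host OS;
    # lower-casing makes the match case-insensitive like NTFS.
    return ntpath.basename(path).lower()


def is_interpreter_spawn(ev: ProcessEvent) -> bool:
    """True when the engineering tool is the direct parent of an interpreter."""
    return (image_name(ev.parent_image) in ENGINEERING_TOOL_IMAGES
            and image_name(ev.image) in INTERPRETER_IMAGES)


def find_suspicious(lines: Iterable[str]) -> List[ProcessEvent]:
    """Return every event matching the rule, skipping blanks and comments."""
    hits = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        ev = parse_event(line)
        if is_interpreter_spawn(ev):
            hits.append(ev)
    return hits


# Constructed sample events (not real telemetry). Records 3 and 4 should fire;
# the tool launching its own helper (2) and explorer launching cmd (5) should not.
SAMPLE_LOG = """\
# ts|user|parent_image|image|command_line
2026-03-10T17:30:01Z|WS01\\engineer|C:\\Windows\\explorer.exe|C:\\Program Files\\Vendor\\automation_expert_PLACEHOLDER.exe|"automation_expert_PLACEHOLDER.exe" project_PLACEHOLDER
2026-03-10T17:30:05Z|WS01\\engineer|C:\\Program Files\\Vendor\\automation_expert_PLACEHOLDER.exe|C:\\Program Files\\Vendor\\helper_PLACEHOLDER.exe|helper_PLACEHOLDER.exe --compile
2026-03-10T17:30:09Z|WS01\\engineer|C:\\Program Files\\Vendor\\automation_expert_PLACEHOLDER.exe|C:\\Windows\\System32\\cmd.exe|cmd.exe /c echo test
2026-03-10T17:30:10Z|WS01\\engineer|C:\\Program Files\\Vendor\\automation_expert_PLACEHOLDER.exe|C:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\PowerShell.EXE|powershell.exe -NoProfile -Command Get-Date
2026-03-10T17:31:00Z|WS01\\engineer|C:\\Windows\\explorer.exe|C:\\Windows\\System32\\cmd.exe|cmd.exe
"""

if __name__ == "__main__":
    for ev in find_suspicious(SAMPLE_LOG.splitlines()):
        print(f"{ev.timestamp} {ev.user}: {image_name(ev.parent_image)} "
              f"-> {image_name(ev.image)} :: {ev.command_line}")
```

The rule deliberately keys on the parent/child relationship rather than on the command line, because a crafted project file can carry any payload text while the process tree it produces is far harder to disguise. In a real deployment the same logic is expressed as a SIEM or EDR rule over the host's process-creation telemetry, with the allowlisted children extended to whatever legitimate helpers the installed version is seen to launch.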
Affected Countries
United States, Germany, France, China, Japan, South Korea, United Kingdom, Canada, Italy, Australia
Technical Details
- Data Version: 5.2
- Assigner Short Name: schneider
- Date Reserved: 2026-02-10T09:45:08.807Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 69b05632ea502d3aa87d6b6b
Added to database: 3/10/2026, 5:34:42 PM
Last enriched: 3/10/2026, 6:04:58 PM
Last updated: 3/14/2026, 2:29:20 AM