Critical Code Injection Vulnerability (CVE‑2026‑2273) in Schneider Electric EcoStruxure Automation Expert Threatens Industrial Control Workstations
What It Is – Schneider Electric disclosed an improper control of code generation flaw (CVE‑2026‑2273) in EcoStruxure Automation Expert, its plant‑automation suite. The defect allows an attacker to inject and execute arbitrary commands on the engineering workstation that configures the control system.
Exploitability – The vulnerability is rated CVSS v3.1 8.2 (High). No public exploit code has been observed, but the advisory notes that exploitation is feasible for an adversary with access to the engineering workstation or the ability to deliver malicious project files.
Affected Products – EcoStruxure Automation Expert versions prior to 25.0.1, and version 25.0.1 (all deployment models).
Third‑Party Risk Management (TPRM) Impact – A compromised engineering workstation can be used to alter PLC logic, exfiltrate process data, or disrupt production, creating a supply‑chain risk for any organization that relies on Schneider’s automation platform.
Recommended Actions –
- Apply Schneider’s remediation patch immediately (see CISA advisory).
- Restrict network access to engineering workstations; enforce least‑privilege and multi‑factor authentication.
- Conduct a forensic review of all recent project files and configuration changes.
- Update incident‑response playbooks to include code‑injection scenarios for industrial control systems.
- Verify that third‑party integrators and service providers have applied the same fixes.
Source: CISA Advisory – ICSA‑26‑078‑03