Vulnerability Details CVE-2026-2273
CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exist that could cause execution of untrusted commands on the engineering workstation which could result in a limited compromise of the workstation and a potential loss of Confidentiality, Integrity and Availability of the subsequent system when an authenticated user opens a malicious project file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 13.4%
CVSS Severity
CVSS v3 Score 8.2
Products affected by CVE-2026-2273
-
cpe:2.3:a:schneider-electric:ecostruxure_automation_expert:-