Engineering Workstation Vulnerability: Malicious Files Can Execute Untrusted Commands

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.2

Engineering Workstation Vulnerability: Malicious Files Can Execute Untrusted Commands

CVE-2026-2273

Summary

An attacker can create a malicious project file to execute unauthorized commands on the engineering workstation, potentially compromising the workstation and causing data loss. This could happen when an authenticated user opens the malicious file. To mitigate this risk, ensure that only trusted project files are opened and consider implementing additional security measures to validate user input.

Original title

Original description

CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exist that could cause execution of untrusted commands on the engineering workstation which could result in a limited compromise of the workstation and a potential loss of Confidentiality, Integrity and Availability of the subsequent system when an authenticated user opens a malicious project file.

nvd CVSS4.0 7.2

Vulnerability type

CWE-94 Code Injection

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-069-04&p_enDoc...

Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026