HIGH

CVE-2026-2273

CWE-94 · Published: March 10, 2026 · Updated: Mar 11, 2026

CVSS v3.1: 7.2
EPSS: 0.02% probability of exploitation in 30 days · Percentile: 5.9th

Official Description

CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of untrusted commands on the engineering workstation which could result in a limited compromise of the workstation and a potential loss of Confidentiality, Integrity and Availability of the subsequent system when an authenticated user opens a malicious project file.

NVD Source

Technical Analysis

CVE-2026-2273 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

CVSS v3.1 Vector Breakdown

Exploitability
Attack Vector: Local
Attack Complexity: Low
Privileges Req.: Low
User Interaction: A
Scope: X
Impact
Confidentiality
Integrity
Availability
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:H/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Exploit & PoC Resources

NO KNOWN EXPLOIT: No public exploit confirmed at this time

News & Research Mentioning CVE-2026-2273

Schneider Electric EcoStruxure Automation Expert
CISA Alerts · Mar 19, 2026

Summary: Schneider Electric is aware of a vulnerability in its EcoStruxure™ Automation Expert product. The EcoStruxure™ Automation Expert product is plant automation software designed for digital control systems in discrete, hybrid and continuous industrial processes. A totally integrated automation solution designed to enhance your flexibility, efficiency and scalability. Failure to apply the remediation provided below may risk execution of arbitrary commands on the engineering workstation, which could result in a potential compromise of full system.

The following versions of Schneider Electric EcoStruxure Automation Expert are affected: EcoStruxure™ Automation Expert vers:intdot/<25.0.1, 25.0.1

CVSS v3: 8.2

Quick Facts

CVE ID: CVE-2026-2273
CVSS Score: 7.2 / 10
Severity: HIGH
Weakness: CWE-94
CISA KEV: No
EPSS (30d): 0.02%
Published: Mar 10, 2026

Known Threat Actors

Conti (financial, RU)

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-2273 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.