CVE-2026-1227

Summary

CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized disclosure of local files, interaction within the EBO system, or denial of service conditions when a local user uploads a specially crafted TGML graphics file to the EBO server from Workstation.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricEcoStruxure Building Operation WorkstationAll 7.0.x versions prior to 7.0.3.2000 (CP1)affected
Schneider ElectricEcoStruxure Building Operation WebstationAll 6.x versions prior to 6.0.4.14001 (CP10)affected

Weaknesses

  • CWE-611: CWE-611 Improper Restriction of XML External Entity Reference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References