
[CIVN-2026-0143] Multiple Vulnerabilities in Schneider Electric EBO Workstation/WebStation
Multiple Vulnerabilities in Schneider Electric EBO Workstation/WebStation
Indian Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Systems Affected
EcoStruxure Building Operation Workstation and WebStation:
CVE-2026-1227: all 7.0.x versions prior to 7.0.3.2000 (CP1) and all 6.x versions prior to 6.0.4.14001 (CP10)
CVE-2026-1226: all 7.0.x versions prior to 7.0.2 and all 6.0.x versions prior to 6.0.4.7000 (CP5)
Overview
XML External Entity (XXE) Injection and Code Injection vulnerabilities affect Schneider Electric’s EcoStruxure Building Operation Workstation and WebStation components. A local user could exploit these vulnerabilities to gain unauthorised access, cause a denial of service, or execute malicious code.
Target Audience:
Organizations using Schneider Electric’s EcoStruxure Building Operation for control and management of building systems and devices.
Risk Assessment:
High risk of data disclosure, alteration and service disruption.
Impact Assessment:
Potential High impact on Confidentiality, Integrity and Availability of the System.
Description
EcoStruxure Building Operation (EBO) from Schneider Electric is an open, scalable platform that enables centralized monitoring, control, and management of multiple building systems through a mobile enabled interface.
1. EBO Server XXE Vulnerability (CVE-2026-1227)
This vulnerability exists due to improper restriction of the XML External Entity references by the system. A local attacker with low privileges could exploit this vulnerability by uploading a specially crafted TGML graphics file to the EBO server from Workstation. Successful exploitation may allow the attacker to cause unauthorized disclosure of local files, unauthorized interaction within the EBO system, or denial of service conditions.
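As an added illustration of the defensive side of this issue (example code, not from the advisory or from Schneider Electric), the following Python gate refuses an uploaded XML graphics file if it declares a DOCTYPE or any entity, so a document carrying an external entity is rejected before any parser could resolve it. The TGML element names and both sample files are constructed for the example.

```python
"""Upload gate: reject XML (e.g. a TGML graphics file) that declares a DTD or
any entity, so an XXE payload is refused before anything could be resolved.
Added example with constructed samples; not Schneider Electric's own code."""
import xml.etree.ElementTree as ET
import xml.parsers.expat as expat

class UnsafeXmlError(ValueError):
    pass

def find_dtd_constructs(data: bytes) -> list:
    """Return DOCTYPE/entity declarations found in data. Parameter-entity
    parsing is off and the external-entity handler only acknowledges the
    reference, so no file or URL is opened while the document is inspected."""
    findings = []
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        findings.append("DOCTYPE %s" % name)

    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        findings.append(("external " if sysid else "internal ") + "entity " + name)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    parser.ExternalEntityRefHandler = lambda ctx, base, sysid, pubid: 1
    parser.Parse(data, True)  # raises ExpatError on malformed XML
    return findings

def load_tgml(data: bytes) -> ET.Element:
    """Parse an uploaded graphics file only after the DTD check passes."""
    findings = find_dtd_constructs(data)
    if findings:
        raise UnsafeXmlError("rejected upload: " + "; ".join(findings))
    return ET.fromstring(data)

def is_rejected(data: bytes) -> bool:
    """True if the upload gate refuses the document."""
    try:
        load_tgml(data)
    except UnsafeXmlError:
        return True
    return False

# Constructed samples (not real TGML files): a benign graphic and an XXE attempt.
CLEAN = b'<TGML Width="100" Height="50"><Text Content="Room 1"/></TGML>'
XXE = (b'<?xml version="1.0"?>'
       b'<!DOCTYPE TGML [<!ENTITY ext SYSTEM "file:///example/path">]>'
       b'<TGML><Text>&ext;</Text></TGML>')
```

The same check applies to any XML accepted from a low-privileged user; the patched versions listed under Solution remain the actual fix.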
2. TGML Graphics File Remote Code Execution Vulnerability (CVE-2026-1226)
This vulnerability exists due to improper checks and control on user inputs and subsequent code generation by the system. A local attacker with low privileges could exploit this vulnerability by supplying maliciously crafted design content within a TGML graphics file, which can cause execution of untrusted or unintended code within the application. Successful exploitation could lead to system compromise, data manipulation, or disruption of services on the affected system.
Workaround
Schneider Electric recommends following the general mitigations and workarounds available at:
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-041-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-041-02.pdf
Solution
Upgrade the EBO Workstation and WebStation components affected by CVE-2026-1227:
– From all 7.0.x versions prior to 7.0.3.2000 (CP1), upgrade to version 7.0.3.2000 (CP1)
– From all 6.x versions prior to 6.0.4.14001 (CP10), upgrade to version 6.0.4.14001 (CP10)
Upgrade the EBO Workstation and WebStation components affected by CVE-2026-1226:
– From all 7.0.x versions prior to 7.0.2, upgrade to version 7.0.2
– From all 6.0.x versions prior to 6.0.4.7000 (CP5), upgrade to version 6.0.4.7000 (CP5)
Vendor Information
Schneider Electric
https://www.se.com/ww/en/work/support/cybersecurity/security-notifications/
References
Schneider Electric
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-041-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-041-02.pdf
CISA
https://www.cisa.gov/news-events/ics-advisories/icsa-26-055-02
CVE Name
CVE-2026-1227
CVE-2026-1226
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


