CVE-2026-1227_CVE-2026-1227

7 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized disclosure of local files, interaction within the EBO system, or denial of service conditions when a local user uploads a specially crafted TGML graphics file to the EBO server from Workstation.

Basic Information

ID CVE-2026-1227

Source schneider

Published Feb 11, 2026 at 13:45

Modified Feb 11, 2026 at 14:08

Affected Product

Vendor Schneider Electric

Product EcoStruxure Building Operation Workstation

Version All 7.0.x versions prior to 7.0.3.2000 (CP1)

Affected Versions Schneider Electric EcoStruxure Building Operation Workstation All 7.0.x versions prior to 7.0.3.2000 (CP1)
Schneider Electric EcoStruxure Building Operation Webstation All 6.x versions prior to 6.0.4.14001 (CP10)

CWE Classification

CWE-611

References

download.schneider-electric.com /files

{
    "lastseen": "",
    "description": "CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized disclosure of local files, interaction within the EBO system, or denial of service conditions when a local user uploads a specially crafted TGML graphics file to the EBO server from Workstation.",
    "published": "2026-02-11T13:45:51.675Z",
    "modified": "2026-02-11T14:08:24.750Z",
    "type": "cve",
    "title": "CVE-2026-1227",
    "source": "schneider",
    "references": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-041-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-041-02.pdf",
    "id": "CVE-2026-1227",
    "bulletinFamily": "",
    "cwe": [
        "CWE-611"
    ],
    "cvelist": null,
    "sourceData": "Schneider Electric EcoStruxure Building Operation Workstation All 7.0.x versions prior to 7.0.3.2000 (CP1)\nSchneider Electric EcoStruxure Building Operation Webstation All 6.x versions prior to 6.0.4.14001 (CP10)",
    "sourceHref": "",
    "cvss": {
        "score": 7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EcoStruxure Building Operation Workstation",
    "version": "All 7.0.x versions prior to 7.0.3.2000 (CP1)",
    "vendor": "Schneider Electric",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}