Schneider Electric EcoStruxure Building Operation Workstation
Plan Patch · 7.3 · ICS-CERT ICSA-26-055-02 · Feb 10, 2026
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: Required
Summary
Schneider Electric has identified vulnerabilities (CWE-611: XML injection, CWE-94: Code injection) in EcoStruxure Building Operation Workstation and WebStation versions 6.x and 7.0.x. These vulnerabilities allow an attacker with local access to the workstation to read sensitive local files or cause denial of service. Affected versions: Workstation and WebStation 6.x (prior to 6.0.4.14001_CP10), and 7.0.x (prior to 7.0.3.2000_CP1). A separate vulnerability (CVE-2026-1226) affects 7.0.x versions prior to 7.0.2. The application is used to manage building systems and deliver data for energy and facility management decision-making.
What this means
What could happen
An attacker with local access to a workstation running EcoStruxure Building Operation could read sensitive files or crash the application, potentially disrupting building control operations and exposing confidential data about HVAC, lighting, and other building systems.
Who's at risk
Building automation and facility management operators using Schneider Electric EcoStruxure Building Operation software (Workstation or WebStation versions 6.x and 7.0.x) in energy and critical infrastructure sectors such as utilities, data centers, hospitals, and commercial buildings. Anyone managing HVAC, lighting, security, and energy systems through this platform should be aware of this vulnerability.
How it could be exploited
An attacker with a user account on the building operator's workstation could exploit XML/code injection vulnerabilities (CWE-611, CWE-94) to read arbitrary files from the system or execute commands that cause the application to crash, disrupting building operations.
Prerequisites
- Local access to a workstation running EcoStruxure Building Operation Workstation or WebStation
- Valid user credentials on the affected workstation
- User interaction required (UI action needed to trigger the vulnerability)
- Low complexity to exploit
- User interaction required
- Local access only (reduces remote attack risk)
- No known public exploitation yet
- Affects building automation and critical building systems
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (8)
8 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| EcoStruxure Building Operation Workstation All 7.0.x | ≥ 7.0.x, < 7.0.3.2000 (CP1) | 7.0.3.2000_CP1 |
| EcoStruxure Building Operation Workstation All 7.0.x | ≥ 7.0.x, < 7.0.2 | 7.0.3.2000_CP1 |
| EcoStruxure Building Operation Workstation All 6.x | ≥ 6.x, < 6.0.4.14001 (CP10) | 7.0.3.2000_CP1 |
| EcoStruxure Building Operation WebStation All 7.0.x | ≥ 7.0.x, < 7.0.3.2000 (CP1) | 7.0.3.2000_CP1 |
| EcoStruxure Building Operation WebStation All 6.x | ≥ 6.x, < 6.0.4.14001 (CP10) | 7.0.3.2000_CP1 |
| EcoStruxure Building Operation Workstation All 6.0.x | ≥ 6.0.x, < 6.0.4.7000 (CP5) | 7.0.3.2000_CP1 |
| EcoStruxure Building Operation WebStation All 7.0.x | ≥ 7.0.x, < 7.0.2 | 7.0.3.2000_CP1 |
| EcoStruxure Building Operation WebStation All 6.0.x | ≥ 6.0.x, < 6.0.4.7000 (CP5) | 7.0.3.2000_CP1 |
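For asset triage, the affected ranges above can be checked against an inventory of installed builds. This is an added example, not Schneider Electric's or the advisory's own tooling; it assumes installed versions are reported as dotted numbers with an optional CP suffix (as in `7.0.3.2000_CP1`), and the host names and builds in the sample are constructed.

```python
import re

# (branch prefix, first fixed build, note), copied from the advisory's ranges.
RULES = [
    ((6,), (6, 0, 4, 14001), "6.x prior to 6.0.4.14001 (CP10)"),
    ((6, 0), (6, 0, 4, 7000), "6.0.x prior to 6.0.4.7000 (CP5)"),
    ((7, 0), (7, 0, 3, 2000), "7.0.x prior to 7.0.3.2000 (CP1)"),
    ((7, 0), (7, 0, 2), "7.0.x prior to 7.0.2 (CVE-2026-1226)"),
]

# Assumed format: 2 to 4 dotted numbers, then optionally "_CPn" or " (CPn)".
_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+){1,3})(?:[ _]\(?CP\d+\)?)?\s*$")

def parse_version(text):
    """Return the dotted numeric part as a tuple; the CP suffix is ignored."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def _pad(v, n=4):
    # Pad short versions with zeros so 7.0.2 compares as 7.0.2.0.
    return v + (0,) * (n - len(v))

def affected_by(version_text):
    """List the advisory ranges that an installed version falls into."""
    v = parse_version(version_text)
    return [note for prefix, fixed, note in RULES
            if v[:len(prefix)] == prefix and _pad(v) < _pad(fixed)]

def triage(inventory):
    """Map host -> matched ranges; unparseable entries are flagged, not skipped."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = affected_by(version_text)
        except ValueError:
            report[host] = ["UNPARSEABLE: check manually"]
    return report

# Constructed sample inventory (host names and builds are made up).
SAMPLE = {"bms-ws-01": "7.0.1.500", "bms-ws-02": "7.0.2.100",
          "bms-ws-03": "7.0.3.2000_CP1", "bms-ws-04": "6.0.4.9000",
          "bms-ws-05": "unknown"}

if __name__ == "__main__":
    for host, hits in triage(SAMPLE).items():
        print(host, "->", hits or "not in an affected range")
```

A host with an unparseable version string is reported for manual review instead of being treated as unaffected.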
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update EcoStruxure Building Operation Workstation and WebStation to version 7.0.3.2000 (CP1) for version 7.0.x systems, or 6.0.4.14001 (CP10) for version 6.0.x systems
- HOTFIX: Update EcoStruxure Building Operation Workstation and WebStation to version 7.0.2 for systems running version 7.0.x (CVE-2026-1226 fix)
Long-term hardening
- HARDENING: Follow Schneider Electric EcoStruxure Building Operation hardening guidelines to implement defense-in-depth controls
- HARDENING: Restrict local user account access to workstations running EcoStruxure Building Operation to authorized personnel only
CVEs (2)