{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1226", "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "state": "PUBLISHED", "assignerShortName": "schneider", "dateReserved": "2026-01-20T12:38:21.548Z", "datePublished": "2026-02-11T13:49:45.465Z", "dateUpdated": "2026-02-11T14:07:27.708Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "EcoStruxure Building Operation Workstation", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "All 7.0.x versions prior to 7.0.2"}]}, {"defaultStatus": "unaffected", "product": "EcoStruxure Building Operation Webstation", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "All 6.0.x versions prior to 6.0.4.7000 (CP5)"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "CWE\u201194: Improper Control of Generation of Code vulnerability exists that could cause execution of untrusted or unintended code within the application when maliciously crafted design content is processed through a TGML graphics file."}], "value": "CWE\u201194: Improper Control of Generation of Code vulnerability exists that could cause execution of untrusted or unintended code within the application when maliciously crafted design content is processed through a TGML graphics file."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 7, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider", "dateUpdated": "2026-02-11T13:49:45.465Z"}, "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-041-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-041-02.pdf"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-11T14:07:20.670514Z", "id": "CVE-2026-1226", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-11T14:07:27.708Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1226", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-11T14:07:20.670514Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-11T14:07:23.696Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Schneider Electric", "product": "EcoStruxure Building Operation Workstation", "versions": [{"status": "affected", "version": "All 7.0.x versions prior to 7.0.2"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "EcoStruxure Building Operation Webstation", "versions": [{"status": "affected", "version": "All 6.0.x versions prior to 6.0.4.7000 (CP5)"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-041-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-041-02.pdf"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "CWE\u201194: Improper Control of Generation of Code vulnerability exists that could cause execution of untrusted or unintended code within the application when maliciously crafted design content is processed through a TGML graphics file.", "supportingMedia": [{"type": "text/html", "value": "CWE\u201194: Improper Control of Generation of Code vulnerability exists that could cause execution of untrusted or unintended code within the application when maliciously crafted design content is processed through a TGML graphics file.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider", "dateUpdated": "2026-02-11T13:49:45.465Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1226", "state": "PUBLISHED", "dateUpdated": "2026-02-11T14:07:27.708Z", "dateReserved": "2026-01-20T12:38:21.548Z", "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "datePublished": "2026-02-11T13:49:45.465Z", "assignerShortName": "schneider"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "CWE\u201194: Improper Control of Generation of Code vulnerability exists that could cause execution of untrusted or unintended code within the application when maliciously crafted design content is processed through a TGML graphics file."}, {"lang": "es", "value": "CWE?94: Improper Control of Generation of Code existe una vulnerabilidad que podr\u00eda causar la ejecuci\u00f3n de c\u00f3digo no confiable o no intencionado dentro de la aplicaci\u00f3n cuando contenido de dise\u00f1o manipulado maliciosamente es procesado a trav\u00e9s de un archivo gr\u00e1fico TGML."}], "id": "CVE-2026-1226", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cybersecurity@se.com", "type": "Secondary"}]}, "published": "2026-02-11T14:16:01.973", "references": [{"source": "cybersecurity@se.com", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-041-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-041-02.pdf"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "cybersecurity@se.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[6.0.0,6.0.4.7000)"}}], "product": "ecostruxure_building_operation_webstation", "vendor": "schneider-electric"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.0.0,7.0.2)"}}], "product": "ecostruxure_building_operation_workstation", "vendor": "schneider-electric"}], "analysis": {"en": {"generated_at": "2026-04-17T20:21:13.235389+00:00", "value": {"mitigation_remediation": ["Apply a vendor\u2011provided patch or upgrade to a version that fixes the code\u2011generation control weakness.", "Limit the ability to upload or process TGML files to privileged or monitored accounts only.", "Sandbox or otherwise isolate the code\u2011generation component so that any executed code runs with minimal privileges.", "If a patch or isolation is not yet available, monitor for and block the transmission of suspicious TGML files in the network traffic to the application.", "Consider disabling the TGML graphics feature until a fix is applied if the feature is non\u2011essential."], "summary": {"action": "Patch Immediately", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected products are Schneider Electric's EcoStruxure Building Operation Webstation and Workstation. No specific version information is listed, so any deployed instance of these products that processes TGML files may be vulnerable.", "description_and_impact": "An improper control of code generation flaw allows a maliciously crafted TGML graphics file to cause the EcoStruxure Building Operation application to execute unintended code. The vulnerability can lead to arbitrary code execution within the application process, potentially enabling attackers to read or modify data, hijack system controls, or compromise the host whose application generates code from TGML content.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 7, indicating medium-to-high severity. The EPSS score is below 1\u202f% and it is not listed in CISA's KEV catalog, suggesting that exploit activity is not widespread yet. Attackers would exploit the flaw by supplying a crafted TGML file to the application, either via a local user with file\u2011upload rights or potentially through a remote web interface if that capability exists. Successful exploitation could lead to full execution of untrusted code within the application, entailing significant confidentiality, integrity, and availability risks."}}}}, "created": "2026-02-11T21:38:10.487671+00:00", "title": "Malicious TGML File Allows Untrusted Code Execution in EcoStruxure Building Operation", "updated": "2026-04-17T20:30:15.808714+00:00", "vendors": ["schneider-electric", "schneider-electric$PRODUCT$ecostruxure_building_operation_webstation", "schneider-electric$PRODUCT$ecostruxure_building_operation_workstation"]}