XXE in Schneider Electric Ecostruxure Building Operation Webstation
CVE-2026-1227
CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized disclosure of local files, interaction within the EBO system, or denial of service conditions when a local user uploads a spe…
Vulnerability class: XXE (XML External Entity)
EPSS: 0.001 (1.3th percentile) — read the EPSS interpretation.
Affected products
- Schneider Electric Ecostruxure Building Operation Webstation — versions All 6.x versions prior to 6.0.4.14001 (CP10)
- Schneider Electric Ecostruxure Building Operation Workstation — versions All 7.0.x versions prior to 7.0.3.2000 (CP1)