CNNVD-202602-1944 Information

CNNVD ID

CNNVD-202602-1944

Related CVE

CVE-2026-1227

• CNNVD Published: 2026-02-11

Description (Chinese)

Schneider Electric EcoStruxure Building Operation Workstation是法国施耐德电气（Schneider Electric）公司的一个专业操作终端组件。 Schneider Electric EcoStruxure Building Operation Workstation存在代码问题漏洞，该漏洞源于XML外部实体引用限制不当，可能导致本地用户从工作站向EBO服务器上传特制TGML图形文件时造成本地文件未经授权泄露、EBO系统内交互或拒绝服务。

Description (English)

Schneider Electric EcoStruxure Building Operation Works is a professional operating terminal component of Schneider Electric, France. There is a code loophole in Schneider Electric EcoStruxure Building Operations, which stems from inappropriate reference restrictions by external XML entities, which may lead to unauthorized leaking of local documents, interaction within the EBO system or denial of services when a customized TGML graphic file is uploaded from a workstation to an EBO server.

Vulnerability Type

代码问题

Affected Vendor

施耐德电气。

Published

2026-02-11

Last Modified

2026-02-24

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-041-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-041-02.pdf https://access.redhat.com/security/cve/cve-2026-1227

Patch

https://www.se.com/ww/en/