The vulnerabilities reported on XDemill and XMilI are triggered through the execution of a malicious script on the engineering workstation, or when loading a specially crafted project file into the engineering tool. The successful exploitation of these vulnerabilities may lead to code execution with elevated privileges on the engineering workstation.

Risk Information

  • CVE ID
  • CVE-2022-26507
  • Vendor
  • Schneider Electric
  • Product
  • AT&T Compressor (XMilI), Decompressor (XDemill)
  • CVSS v3
  • n/a