OTPulse

Schneider Electric EcoStruxure Power Build-Rapsody (Update A)

Monitor | CVSS 7.8 | ICS-CERT ICSA-21-012-01 | Jan 12, 2021
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required

Summary

EcoStruxure Power Build-Rapsody versions 2.1.13 and earlier contain a vulnerability in SSD file processing that can result in a use-after-free condition or stack-based buffer overflow when a malicious SSD file is uploaded. Successful exploitation could allow local code execution.

What this means
What could happen
An attacker with local access to the engineering workstation could upload a malicious SSD file that triggers a buffer overflow or use-after-free condition, potentially allowing code execution that could alter power system models or simulation results used to configure your electrical infrastructure.
Who's at risk
Electrical utility engineers and power system design teams using Schneider Electric EcoStruxure Power Build-Rapsody software for modeling and simulation. This affects the engineering/design phase of electrical distribution and generation systems.
How it could be exploited
An attacker with access to the computer running Rapsody software could craft a malicious SSD (Rapsody project) file and upload it to the application. The overflow or use-after-free condition in the file parser could allow the attacker to execute arbitrary code in the context of the Rapsody process.
Prerequisites
  • Local access to the computer running EcoStruxure Power Build-Rapsody
  • Ability to interact with the Rapsody application interface (no special credentials mentioned)
  • User action required to open or process the malicious SSD file
  • Local access required (not remotely exploitable)
  • User interaction required to trigger
  • No patch currently available
  • Affects power system planning/design tools
  • Code execution possible
Exploitability
Moderate exploit probability (EPSS 1.4%)
Affected products (1)
Product | Affected Versions | Fix Status
EcoStruxure Power Build-Rapsody software | ≤ 2.1.13 | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Apply the principle of least privilege to restrict user access to the computer running Rapsody software
WORKAROUND: Install application whitelisting software to block execution of malicious code
HARDENING: Install and keep antivirus software up to date on the Rapsody workstation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: When a vendor patch becomes available, apply it to EcoStruxure Power Build-Rapsody
Mitigations - no patch available
EcoStruxure Power Build-Rapsody software has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Isolate the Rapsody engineering workstation from the business network and internet
Schneider Electric EcoStruxure Power Build-Rapsody (Update A) | CVSS 7.8 - OTPulse