Schneider Electric EcoStruxure Power Build Rapsody
Monitor | 5.3 | ICS-CERT ICSA-25-023-05 | Jan 14, 2025
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
EcoStruxure Power Build Rapsody contains a heap-based and stack-based buffer overflow vulnerability in its handling of single-line diagram and bill of material import files. The vulnerability is triggered when a user opens or imports a specially crafted file, allowing a local attacker to execute arbitrary code. Multiple regional versions are affected: Netherlands (up to 2.5.2_NL), France (up to 2.7.1_FR), Spain (up to 2.7.5_ES), and International (up to 2.6.4_INT). The vendor has released patched versions for all regions.
What this means
What could happen
A local attacker with user interaction could exploit a buffer overflow in EcoStruxure Power Build Rapsody to execute arbitrary code on an engineering workstation, potentially compromising switchboard design data and gaining control of the design environment.
Who's at risk
Engineering teams at utilities and manufacturing facilities using Schneider Electric EcoStruxure Power Build Rapsody for switchboard design and configuration are affected. The software is used to create single-line diagrams and generate bills of material for switchgear and electrical distribution equipment. Any organization using affected versions should prioritize patching to prevent unauthorized code execution on design workstations.
How it could be exploited
An attacker crafts a malicious single-line diagram file or bill of material import that triggers a heap or stack buffer overflow when opened in Rapsody. The user must open the file on an affected version for the exploit to execute. Once triggered, the overflow allows arbitrary code execution in the context of the Rapsody process.
Prerequisites
- Local or physical access to the engineering workstation running Rapsody
- User interaction required: victim must open or import a malicious diagram or bill of material file
- Affected version of Rapsody must be installed (versions 2.5.2_NL, 2.7.1_FR, 2.7.5_ES, or 2.6.4_INT or earlier)
- Local exploitation only (not remotely exploitable over network)
- Low complexity attack (requires triggering buffer overflow via file import)
- User interaction required (victim must open malicious file)
- Affects design and configuration systems (indirect impact on operations)
- Memory corruption/buffer overflow vulnerability
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product: EcoStruxure Power Build Rapsody
Affected Versions: ≤ 2.5.2 NL; ≤ 2.7.1 FR; ≤ 2.7.5 ES; ≤ 2.6.4 INT
Fix Status: 2.7.2_NL
Remediation & Mitigation
Do now
- WORKAROUND: Restrict file imports and design file sharing to trusted sources only; do not open diagram or bill of material files from untrusted parties
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update EcoStruxure Power Build Rapsody to version 2.7.2_NL (Netherlands), 2.7.12_FR (France), 2.7.52_ES (Spain), or 2.8.4_INT (International)
- HOTFIX: Reboot the system after applying the patch
Long-term hardening
- HARDENING: Isolate engineering workstations running Rapsody on a separate network segment with restricted access; limit who can deliver files to design engineers
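To turn the affected and patched versions listed above into a patch-priority list, the following added example (not vendor or advisory code) classifies version strings from a workstation inventory. It assumes versions are recorded in the `2.7.1_FR` form used on this page and that dotted components compare as integers; the function names are hypothetical.

```python
import re

# Version limits copied from this advisory: highest affected and first
# patched build per regional edition.
ADVISORY = {
    "NL":  {"affected_max": (2, 5, 2), "fixed_min": (2, 7, 2)},
    "FR":  {"affected_max": (2, 7, 1), "fixed_min": (2, 7, 12)},
    "ES":  {"affected_max": (2, 7, 5), "fixed_min": (2, 7, 52)},
    "INT": {"affected_max": (2, 6, 4), "fixed_min": (2, 8, 4)},
}

# Accepts "2.7.1_FR" and "2.7.1 FR", the two spellings used on this page.
VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+)*)[_ ]([A-Za-z]+)\s*$")

def parse_version(text):
    """Return ((major, minor, patch), REGION) or raise ValueError."""
    match = VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    # Assumption: components compare as integers, so 2.7.12 > 2.7.5.
    nums = tuple(int(part) for part in match.group(1).split("."))
    nums += (0,) * (3 - len(nums))  # pad "2.7" to (2, 7, 0)
    return nums, match.group(2).upper()

def classify(text):
    """Map a version string to a triage status for this advisory."""
    try:
        nums, region = parse_version(text)
    except ValueError:
        return "unparseable"
    limits = ADVISORY.get(region)
    if limits is None:
        return "unknown-region"
    if nums <= limits["affected_max"]:
        return "affected"
    if nums >= limits["fixed_min"]:
        return "patched"
    # Between the two limits the advisory says nothing; flag for manual review.
    return "unlisted"

def triage(inventory):
    """inventory: {host: version string} -> {host: status}."""
    return {host: classify(version) for host, version in inventory.items()}
```

Builds that fall between the highest affected and the first patched version come back as `unlisted`, since the advisory does not state their status.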
CVEs (1)