Schneider Electric EcoStruxure Power Build Rapsody

Monitor5.3ICS-CERT ICSA-25-135-20May 15, 2025

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

A stack-based buffer overflow vulnerability in EcoStruxure Power Build Rapsody allows an attacker to execute arbitrary code on a workstation running the software. The vulnerability is triggered when a malformed project file is opened, allowing code execution with the privileges of the user opening the file.

What this means

What could happen

An attacker could run arbitrary code on an engineering workstation running EcoStruxure Power Build Rapsody, potentially allowing modification or deletion of power system designs, control logic, or safety configurations before they are deployed to field devices.

Who's at risk

Engineering teams at energy utilities and industrial facilities using EcoStruxure Power Build Rapsody for power system design and automation. This affects workstations where design engineers develop control logic and configurations that are later deployed to substations, switchgear, and power distribution systems.

How it could be exploited

An attacker crafts a malicious project file and tricks an engineer into opening it on a workstation running EcoStruxure Power Build Rapsody. When the file is opened, the buffer overflow is triggered, allowing the attacker to execute arbitrary code with the privileges of the engineer.

Prerequisites

EcoStruxure Power Build Rapsody version 2.7.12_FR or earlier must be installed on the target workstation
A user must be socially engineered or tricked into opening a malicious project file
The attacker must be able to deliver the malicious file to the engineering workstation (via email, USB, file share, etc.)

low complexity exploitationuser interaction required (must open malicious file)affects engineering workstations with access to power system designsbuffer overflow vulnerability is a well-known attack vector

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

EcoStruxure Power Build Rapsody: <=v2.7.12_FR≤ v2.7.12 FRv2.8.2 FR

Remediation & Mitigation

0/8

Do now

0/4

HARDENINGRestrict access to project files to trusted users only and store them in secure locations

WORKAROUNDCompute and regularly verify file hashes of project files before opening them to detect tampering

HARDENINGTrain engineers to only open project files from trusted sources and to be suspicious of unexpected file deliveries

WORKAROUNDScan all removable media (USB drives, CDs) with antivirus before use on engineering workstations

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpdate EcoStruxure Power Build Rapsody to version v2.8.2 FR or later

HARDENINGEncrypt project files when stored on disk

HARDENINGUse secure communication protocols (TLS/HTTPS) when exchanging project files over the network

Long-term hardening

0/1

HARDENINGIsolate engineering workstations from business networks and the internet behind firewalls

CVEs (1)

CVE-2025-3916

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/b91ff42c-fe77-4b36-8492-e5b4190f48c7