Schneider Electric EcoStruxure Power Build Rapsody

MonitorCVSS 5.3ICS-CERT ICSA-25-135-20May 13, 2025

Schneider ElectricEnergy

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Schneider Electric EcoStruxure Power Build Rapsody contains a stack-based buffer overflow (CWE-121) that could allow an attacker to execute arbitrary code. Versions 2.7.12 FR and earlier are affected. The vulnerability requires local access and user interaction—an attacker would need to trick a user into opening a malicious project file.

What this means

What could happen

An attacker could execute arbitrary code on the engineering workstation running Rapsody, potentially modifying power distribution designs or compromising the integrity of electrical system documentation before deployment to substations and switchyards.

Who's at risk

Energy utilities and integrators who use EcoStruxure Power Build Rapsody for electrical design and engineering work, particularly those in substations, switchyards, and power distribution. Engineering teams designing medium- and high-voltage electrical systems are most affected.

How it could be exploited

An attacker crafts a malicious Rapsody project file and sends it to an engineer via email or file sharing. When the engineer opens the file in Rapsody version 2.7.12 FR or earlier, the buffer overflow is triggered, allowing the attacker to run code with the privileges of the engineering user account.

Prerequisites

Local access to the workstation running Rapsody (direct or via remote desktop)
User must open a malicious project file
Vulnerable version (2.7.12 FR or earlier) must be installed

low complexity attackuser interaction requiredaffects engineering design process for power systems

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

EcoStruxure™ Power Build Rapsody software≤ 2.7.12 FR2.8.1 FR

EcoStruxure Power Build Rapsody: <=v2.7.12_FR≤ v2.7.12 FRv2.8.2 FR

Remediation & Mitigation

0/6

Do now

0/2

HARDENINGRestrict read/write access to Rapsody project files to only trusted engineering staff

WORKAROUNDEnforce a policy that engineers only open project files from known trusted sources; verify files before opening

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpdate EcoStruxure Power Build Rapsody to version 2.8.2 FR

HARDENINGEnable file encryption for stored Rapsody project files

HARDENINGImplement file integrity monitoring—compute and regularly verify hashes of project files to detect tampering

Long-term hardening

0/1

HARDENINGIsolate the Rapsody engineering workstation from business networks and the internet

CVEs (1)

CVE-2025-3916

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/b91ff42c-fe77-4b36-8492-e5b4190f48c7

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.