Schneider Electric EcoStruxure Power Build Rapsody

MonitorCVSS 5.3ICS-CERT ICSA-25-153-02May 13, 2025

Schneider ElectricEnergy

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

EcoStruxure Power Build Rapsody contains a buffer overflow vulnerability (heap-based and stack-based) that can be triggered when opening a specially crafted project file. The vulnerability allows local attackers to execute arbitrary code with user privileges. The vulnerability is not remotely exploitable and requires a user to open a malicious project file. Affected versions are 2.7.12_FR and earlier; the vendor has released a patch in version 2.8.1_FR.

What this means

What could happen

A local attacker with access to a workstation could trigger a buffer overflow in EcoStruxure Power Build Rapsody by opening a malicious project file, allowing them to execute arbitrary code with the privileges of the user running the software.

Who's at risk

Power system engineers and operations staff at electric utilities and large industrial facilities that use Schneider Electric EcoStruxure Power Build Rapsody for switchboard design and bill-of-material generation. The risk is highest for organizations that receive project files from external consultants or contractors.

How it could be exploited

An attacker crafts a malicious EcoStruxure Power Build Rapsody project file with malformed data designed to trigger a heap or stack buffer overflow. The attacker sends this file to an operator or engineer via email or file transfer. When the user opens the malicious project file in EcoStruxure Power Build Rapsody, the buffer overflow is triggered, allowing the attacker to inject and execute arbitrary code on the workstation.

Prerequisites

Local access to the workstation running EcoStruxure Power Build Rapsody
User interaction required to open a malicious project file
Vulnerable software version 2.7.12_FR or earlier must be installed

Low complexity exploitationNo authentication required to open fileUser interaction requiredAffects engineering workstationsSupply chain risk (files may come from untrusted sources)

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (1)

ProductAffected VersionsFix Status

EcoStruxure™ Power Build Rapsody software≤ 2.7.12 FR2.8.1_FR

Remediation & Mitigation

0/5

Do now

0/2

WORKAROUNDRestrict access to EcoStruxure Power Build Rapsody project files to authorized users only and store them in secure, access-controlled locations

WORKAROUNDInstruct users to open project files only from trusted internal sources and verify file integrity using hash verification before opening

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate EcoStruxure Power Build Rapsody to version 2.8.1_FR or later

HARDENINGUse secure communication protocols (SFTP, encrypted email) when exchanging project files over the network

Long-term hardening

0/1

HARDENINGImplement encryption for project files at rest

CVEs (1)

CVE-2025-3916

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/7a419cfa-c2c8-4308-ad36-ba29e52b6fac

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.