Schneider Electric EcoStruxure Power Build Rapsody

Monitor5.3ICS-CERT ICSA-25-153-02May 13, 2025

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Schneider Electric EcoStruxure Power Build Rapsody contains heap-based and stack-based buffer overflow vulnerabilities (CWE-121) in versions 2.7.12_FR and earlier. The software is used to create single-line diagrams, generate bills of material, and manage switchboard specifications. Exploitation requires local access to the workstation and user interaction to open a malicious project file. Successful exploitation could allow arbitrary code execution with the privileges of the user running the application, potentially corrupting project files or modifying switchboard specifications. The vulnerability is not remotely exploitable and no active exploitation has been reported.

What this means

What could happen

A local attacker with access to a workstation running EcoStruxure Power Build Rapsody could exploit memory corruption flaws to execute arbitrary code and modify the switchboard bill of materials or project data. This could lead to incorrect equipment specifications being deployed in electrical switchboards.

Who's at risk

Power system design and engineering teams at utilities, municipalities, and industrial facilities that use EcoStruxure Power Build Rapsody to create single-line diagrams and bill of materials for electrical switchboards. The vulnerability affects engineering workstations only, not field devices or real-time control systems.

How it could be exploited

An attacker must first gain local access to the workstation running EcoStruxure Power Build Rapsody software. They then craft a malicious project file that triggers a heap-based or stack-based buffer overflow when opened. Upon opening the file, arbitrary code execution occurs with the privileges of the user running the application.

Prerequisites

Local access to the workstation running EcoStruxure Power Build Rapsody
User interaction required to open a malicious project file
Software version 2.7.12_FR or earlier

Local exploit onlyUser interaction required (opening a file)Low CVSS score (5.3)Buffer overflow vulnerability allows arbitrary code executionNot actively exploited

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

EcoStruxure™ Power Build Rapsody software≤ 2.7.12 FR2.8.1_FR

Remediation & Mitigation

0/7

Do now

0/3

WORKAROUNDStore project files in secure storage and restrict access to trusted users only

WORKAROUNDOnly open project files received from trusted sources

WORKAROUNDUse secure communication protocols (e.g., encrypted channels) when exchanging project files over the network

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate EcoStruxure Power Build Rapsody to version 2.8.1_FR or later and reboot the workstation

Long-term hardening

0/3

HARDENINGEncrypt project files when stored on disk

HARDENINGCompute and regularly verify file hashes for project files to detect unauthorized modifications

HARDENINGHarden the workstation running EcoStruxure Power Build Rapsody with standard security controls (firewall, antivirus, least privilege accounts)

CVEs (1)

CVE-2025-3916

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/7a419cfa-c2c8-4308-ad36-ba29e52b6fac