Schneider Electric EcoStruxure Power Build Rapsody (Update A)
Plan Patch | 7.8 | ICS-CERT ICSA-26-015-10 | Jan 13, 2026
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
EcoStruxure Power Build Rapsody software contains heap-based and stack-based buffer overflow vulnerabilities in its file parsing logic. The software is used to create and manage single-line diagrams and bill-of-materials lists for electrical switchboards. A local attacker who can provide a malformed input file could trigger memory corruption and potentially execute arbitrary code with the privileges of the application process. The vulnerabilities affect multiple language and regional variants of versions up to 2.8.x. All major variants have fixes available, though BEL (Belgium) versions require customer support contact.
What this means
What could happen
A local attacker with file access to the engineering workstation could cause memory corruption or buffer overflow, potentially executing arbitrary code with the privileges of the software process.
Who's at risk
Energy sector utilities and contractors using EcoStruxure Power Build Rapsody software to design or manage electrical switchboard systems. This affects engineering workstations where single-line diagrams and bill-of-materials files are created or imported. Staff responsible for switchboard design, procurement, and documentation are at risk if they open malicious files.
How it could be exploited
An attacker with access to the local system (physical or network-based, e.g., via a compromised account) could supply a malformed file or input to EcoStruxure Power Build Rapsody, triggering a heap or stack buffer overflow that allows code execution. Exploitation requires user interaction with the software (opening a malicious file).
Prerequisites
- Local or remote access to the engineering workstation running EcoStruxure Power Build Rapsody
- User action required to open or import a malicious file
- Affected software version must be running (2.8.x and prior)
Local code execution possible · Requires user interaction (file open) · Memory corruption / buffer overflow · Affects engineering design systems · Low complexity attack
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (12)
12 with fix
Product | Affected Versions | Fix Status
EcoStruxure Power Build Rapsody software FR 2.8.1 and prior | ≤ 2.8.1 FR | 2.8.1.0401_FR
EcoStruxure Power Build Rapsody software INT 2.8.6 and prior | ≤ 2.8.6 INT | 2.8.1.0401_FR
EcoStruxure Power Build Rapsody software ES 2.8.5 and prior | ≤ 2.8.5 ES | 2.8.1.0401_FR
EcoStruxure Power Build Rapsody software BEL(NL) 2.8.3 and prior | ≤ 2.8.3 BEL(NL) | 2.8.1.0401_FR
EcoStruxure Power Build Rapsody software BEL(FR) 2.8.8 and prior | ≤ 2.8.8 BEL(FR) | 2.8.1.0401_FR
EcoStruxure Power Build Rapsody software FR 2.8.1.0300 and prior | ≤ 2.8.1.0300 FR | 2.8.1.0401_FR
EcoStruxure Power Build Rapsody software ES 2.8.5.0200 and prior | ≤ 2.8.5.0200 ES | 2.8.1.0401_FR
EcoStruxure Power Build Rapsody software PT 2.8.7.0100 and prior | ≤ 2.8.7.0100 PT | 2.8.1.0401_FR
Remediation & Mitigation
Do now
WORKAROUND: Restrict file import or opening of single line diagrams and bill of materials to trusted sources only; train users not to open files from untrusted sources
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update EcoStruxure Power Build Rapsody to fixed versions: FR 2.8.1.0401 or later, INT 2.8.6.200 or later, ES 2.8.5.0301 or later, PT 2.8.7.0101 or later, INT(EN) 2.8.4.0401 or later, NL 2.8.2.0001 or later
HOTFIX: For BEL(NL) and BEL(FR) versions, contact Schneider Electric Customer Care Center to obtain fixed versions 2.8.3.0201 or 2.8.8.0201
HOTFIX: Restart the EcoStruxure Power Build Rapsody service after installing the updated version
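One way to triage an inventory of engineering workstations against the fixed versions listed above (an added example, not part of the advisory and not Schneider Electric tooling). The host names, the inventory format and the "DE" variant are constructed, and the pairing of each BEL fix build with its variant is an assumption inferred from the affected-version list.

```python
# Minimum fixed build per variant, copied from the remediation text.
FIXED = {
    "FR": "2.8.1.0401",
    "INT": "2.8.6.200",
    "ES": "2.8.5.0301",
    "PT": "2.8.7.0101",
    "INT(EN)": "2.8.4.0401",
    "NL": "2.8.2.0001",
    # Assumption: each BEL fix build is paired with the variant whose affected
    # version shares its 2.8.x prefix (BEL(NL) 2.8.3, BEL(FR) 2.8.8).
    "BEL(NL)": "2.8.3.0201",
    "BEL(FR)": "2.8.8.0201",
}
# Variants whose fixed build is obtained through the Customer Care Center.
CONTACT_SUPPORT = {"BEL(NL)", "BEL(FR)"}

def parse(version):
    """'2.8.1.0401' -> (2, 8, 1, 401); shorter versions are zero-padded."""
    parts = [int(p) for p in version.strip().split(".")]
    if len(parts) > 4:
        raise ValueError(f"unexpected version format: {version!r}")
    return tuple(parts + [0] * (4 - len(parts)))

def triage(variant, version):
    """Return 'fixed', 'update', 'contact-support' or a data-quality flag."""
    key = variant.strip().upper()
    if key not in FIXED:
        return "unknown-variant"
    try:
        installed = parse(version)
    except ValueError:
        return "unparseable-version"
    if installed >= parse(FIXED[key]):
        return "fixed"
    return "contact-support" if key in CONTACT_SUPPORT else "update"

# Constructed sample inventory: (host, variant, installed version).
INVENTORY = [
    ("eng-ws-01", "FR", "2.8.1.0300"),
    ("eng-ws-02", "FR", "2.8.1.0401"),
    ("eng-ws-03", "INT", "2.8.6"),
    ("eng-ws-04", "BEL(NL)", "2.8.3"),
    ("eng-ws-05", "PT", "2.8.7.x"),
    ("eng-ws-06", "DE", "2.8.0"),
]

def report(inventory):
    return {host: triage(variant, ver) for host, variant, ver in inventory}
```

Hosts flagged `unknown-variant` or `unparseable-version` need a manual check rather than being counted as patched.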
Long-term hardening
HARDENING: Implement file integrity monitoring or endpoint protection on engineering workstations running this software to detect unauthorized changes
CVEs (2)