EcoStruxure Power Build - Rapsody

Plan Patch7.8SEVD-2021-012-02Jan 12, 2021

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

EcoStruxure Power Build - Rapsody contains multiple vulnerabilities related to unrestricted file handling (CWE-434) that could allow remote code execution. The product is used for configuration and quotation of Prisma switchboards. Exploitation could result in code execution with engineer privileges, leading to credential theft, data exfiltration, and business disruption.

What this means

What could happen

An attacker could execute arbitrary code on an engineer's workstation running EcoStruxure Power Build - Rapsody, potentially compromising the engineer's credentials, stealing switchboard configuration data, and disrupting business operations through malware deployment.

Who's at risk

Electrical engineers and technicians at utilities and industrial sites who use EcoStruxure Power Build - Rapsody to configure and quote Prisma switchboards are at risk. This affects organizations managing low-voltage electrical distribution systems and switchboard projects.

How it could be exploited

An attacker could trick an engineer into opening a malicious file (CWE-434: unrestricted file upload/arbitrary file execution) on a computer with EcoStruxure Power Build - Rapsody installed. The application would then execute the attacker's code with the privileges of the logged-in engineer.

Prerequisites

Windows workstation with EcoStruxure Power Build - Rapsody installed (versions prior to V2.1.13)
An engineer must open a malicious file crafted by the attacker (requires user interaction)

Low complexity attackUser interaction requiredCould compromise engineer credentials and sensitive configuration data

Exploitability

Moderate exploit probability (EPSS 1.4%)

Affected products (1)

ProductAffected VersionsFix Status

EcoStruxure Power Build: Rapsody Software <V2.1.13<V2.1.13V2.1.13

Remediation & Mitigation

0/3

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate EcoStruxure Power Build - Rapsody to version V2.1.13 or later

Long-term hardening

0/2

HARDENINGEducate engineers on the risks of opening files from untrusted sources or unexpected emails

HARDENINGRestrict file permissions on workstations running EcoStruxure Power Build - Rapsody to minimize the impact of code execution

CVEs (2)

CVE-2021-22697 CVE-2021-22698

View full Schneider Electric advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/213eeef1-1536-409e-93b9-ad3ebfb8131e