EcoStruxure™ Power Build Rapsody
Monitor · 5.3 · SEVD-2025-014-09 · Jan 14, 2025
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
EcoStruxure™ Power Build Rapsody contains a buffer overflow vulnerability (CWE-119) that could allow a local attacker to execute arbitrary code. The software is used to design single-line diagrams and generate bills of material for electrical switchboards. The vulnerability affects versions NL ≤2.5.2, FR ≤2.7.1, ES ≤2.7.5, and INT ≤2.6.4. Schneider Electric has released patched versions: NL v2.7.2, FR v2.7.12, ES v2.7.52, and INT v2.8.4.
What this means
What could happen
A local attacker could exploit a buffer overflow in EcoStruxure™ Power Build Rapsody to execute arbitrary code on an engineering workstation, potentially compromising the integrity of switchboard designs and bill-of-materials data used in electrical distribution systems.
Who's at risk
Electrical utilities and distribution equipment manufacturers who use EcoStruxure™ Power Build Rapsody on engineering workstations to design switchboards and generate bills of materials. Primarily affects IT staff and electrical engineers responsible for switchboard specification and procurement.
How it could be exploited
An attacker with local access to a workstation running EcoStruxure™ Power Build Rapsody could craft a malicious input file (single-line diagram import or local data) that triggers a heap or stack-based buffer overflow, leading to arbitrary code execution with the privileges of the user running the application.
Prerequisites
- Local access to a workstation running EcoStruxure™ Power Build Rapsody
- User interaction required to open or import a malicious diagram or data file
- Vulnerable version installed (NL ≤2.5.2, FR ≤2.7.1, ES ≤2.7.5, INT ≤2.6.4)
Local access only (not remotely exploitable) · User interaction required · Low complexity attack · Affects engineering/design process
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
EcoStruxure™ Power Build Rapsody | ≤ 2.5.2 NL; ≤ 2.7.1 FR; ≤ 2.7.5 ES; ≤ 2.6.4 INT | 2.7.2 NL
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update EcoStruxure™ Power Build Rapsody to version 2.7.2 (NL), 2.7.12 (FR), 2.7.52 (ES), or 2.8.4 (INT) or later
HOTFIX: Reboot the system after installing the patched version
Long-term hardening
HARDENING: Restrict local access to engineering workstations running EcoStruxure™ Power Build Rapsody to authorized personnel only
HARDENING: Implement controls to validate and scan imported diagram and data files from untrusted sources before opening in the application
CVEs (1)
API:
/api/v1/advisories/37c5ab82-acf6-4e7e-a627-376e09b41afb