EcoStruxure Power Build Rapsody
Monitor · 5.3 · SEVD-2025-133-03 · May 13, 2025
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
EcoStruxure Power Build Rapsody contains memory corruption and buffer overflow vulnerabilities (heap-based and stack-based) that can be exploited through specially crafted single-line diagram or bill-of-material files. The software is used to design switchboards and generate bills of material including all devices, connections, and mounting components for electrical systems. Successful exploitation requires local access and user interaction but could result in arbitrary code execution with application-level privileges.
What this means
What could happen
An attacker with local access to an engineering workstation running EcoStruxure Power Build Rapsody could exploit memory corruption and buffer overflow flaws to execute arbitrary code with the privileges of the application user. This could allow modification of switchboard designs or bill-of-material data before deployment to physical equipment.
Who's at risk
Energy sector engineers and technicians who use EcoStruxure Power Build Rapsody for switchboard design and bill-of-material generation on engineering workstations should prioritize this update. This affects anyone responsible for designing or validating switchboard configurations used in electric utility substations, distribution systems, or industrial power systems.
How it could be exploited
An attacker must have local access to a workstation running EcoStruxure Power Build Rapsody version 2.7.12 or earlier. The exploit requires user interaction—the attacker would need to trick an engineer into opening a malicious file (likely a single-line diagram or bill-of-material file) that triggers the buffer overflow when parsed by the application, resulting in code execution.
Prerequisites
- Local access to the engineering workstation
- EcoStruxure Power Build Rapsody version 2.7.12 FR or earlier installed
- User interaction required (opening a crafted file)
local access only · user interaction required · low exploit probability (EPSS 0.1%) · affects engineering design tools
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| EcoStruxure™ Power Build Rapsody software | ≤ 2.7.12 FR | 2.8.1 FR |
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update EcoStruxure Power Build Rapsody to version 2.8.1 FR or later
- HOTFIX: Reboot the affected workstation after installing the patched version
Long-term hardening
- HARDENING: Restrict local access to engineering workstations to authorized personnel only
- HARDENING: Implement file integrity monitoring or code signing verification for single-line diagram and bill-of-material files to detect tampering
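One way to implement the file integrity monitoring item above, as an added example that is not part of the advisory or of any vendor tooling: a keyed (HMAC) baseline of project files that is checked before the files are opened. The `.sld` and `.bom` extensions and all function names are assumptions for illustration, and the key is assumed to be stored away from the engineering workstation.

```python
import hashlib, hmac, json
from pathlib import Path

# Assumption: placeholder extensions. Substitute the diagram and
# bill-of-material file types your Rapsody projects actually use.
PROJECT_EXTS = {".sld", ".bom"}

def file_digest(path):
    """SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def scan_tree(root):
    """Map relative path -> digest for every project file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): file_digest(p)
            for p in sorted(root.rglob("*"))
            if p.is_file() and p.suffix.lower() in PROJECT_EXTS}

def manifest_mac(key, files):
    """HMAC over the canonical JSON of the file map."""
    body = json.dumps(files, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_manifest(root, key):
    """Baseline taken when the project files are in a known-good state."""
    files = scan_tree(root)
    return {"files": files, "mac": manifest_mac(key, files)}

def verify(root, manifest, key):
    """Compare the tree with the baseline; raise if the baseline was altered."""
    expected = manifest_mac(key, manifest["files"])
    if not hmac.compare_digest(expected, manifest.get("mac", "")):
        raise ValueError("manifest MAC mismatch: baseline was altered")
    base, current = manifest["files"], scan_tree(root)
    return {
        "modified": sorted(n for n in base if n in current and current[n] != base[n]),
        "missing": sorted(n for n in base if n not in current),
        "unexpected": sorted(n for n in current if n not in base),
    }
```

A non-empty `modified` or `unexpected` list identifies files whose origin should be confirmed before they are opened in the application.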
CVEs (1)
API:
/api/v1/advisories/7e166a9b-0af9-4f50-b7ab-db2c7ea33747