ICSA-21-012-01  ·  Published 2021-02-18

Schneider Electric EcoStruxure Power Build-Rapsody (Update A)

CVSS 7.8 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow a local attacker to upload a malicious SSD file, resulting in a use-after-free condition or a stack-based buffer overflow.

Remediations

Schneider Electric reports fixes will be available in the first half of 2021. Until then, Schneider recommends affected users immediately apply the following mitigations to reduce the risk of exploit:

  • Apply the principle of least privilege to limit access to the computer running the Rapsody software.
  • Install application whitelisting software on the computer to block the execution of malicious code.
  • Install antivirus on the computer and keep it up to date.

All updates, including details on affected products and remediation plans, can be found by subscribing to Schneider Electric's security notification service.

For more information see the Schneider Electric advisory.

Affected Vendors

Schneider Electric Software, LLC

Affected Products (1)

Schneider Electric Software, LLC · EcoStruxure Power Build-Rapsody software <= 2.1.13

Affected Sectors

Commercial Facilities, Energy, Food and Agriculture, Government Facilities, Transportation Systems, Water and Wastewater Systems
