← Back to home
ICSA-25-023-05  ·  Published 2025-05-13  ·  View on CISA ICS-CERT ↗

Schneider Electric EcoStruxure Power Build Rapsody

CVSS 5.3 MEDIUM

CVEs (1)

Remediations

  • Version NL v2.7.2 of EcoStruxure Power Build Rapsody includes a fix for this vulnerability and are available for download here: https://www.se.com/nl/nl/product-range/2309-ecostruxure-power-build-rapsody/#software-and-firmware Please reboot after installing the new version.
  • Version FR v2.7.12 of EcoStruxure Power Build Rapsody includes a fix for this vulnerability and are available for download here: https://www.se.com/fr/fr/product-range/2309-ecostruxure-power-build-rapsody/#software-and-firmwarePlease reboot after installing the new version.
  • Version ES v2.7.52 of EcoStruxure Power Build Rapsody includes a fix for this vulnerability and are available for download here: https://www.se.com/es/es/product-range/2309-ecostruxure-power-build-rapsody/#software-and-firmwarePlease reboot after installing the new version.
  • Version v2.8.4 INT of EcoStruxure Power Build Rapsody includes a fix for this vulnerability and is available for download here:https://www.se.com/ww/en/product-range/2309-ecostruxure-power-build-rapsody/#overview Please reboot the system after installing the new version.
  • If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit: • Only open projects from trusted sources. • Ensure use of malware scans before opening any externally created project • Encrypt project file when stored and restrict the access to only trusted users. • When exchanging files over the network, use secure communication protocols. • Compute a hash of the project files and regularly check the consistency of this hash to verify the integrity before usage. To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/security-notifications.jsp

Affected Vendors

Schneider Electric

Affected Products (8)

Schneider Electric · EcoStruxure Power Build Rapsody <=2.5.2_NL
Schneider Electric · EcoStruxure Power Build Rapsody <=2.7.1_FR
Schneider Electric · EcoStruxure Power Build Rapsody <=2.7.5_ES
Schneider Electric · EcoStruxure Power Build Rapsody <=2.6.4_INT
Schneider Electric · EcoStruxure Power Build Rapsody 2.7.2_NL
Schneider Electric · EcoStruxure Power Build Rapsody 2.7.52_ES
Schneider Electric · EcoStruxure Power Build Rapsody 2.7.12_FR
Schneider Electric · EcoStruxure Power Build Rapsody 2.8.4_INT

Affected Sectors

Commercial Facilities, Energy, Food and Agriculture, Government Services and Facilities, Transportation Systems, Water and Wastewater Systems

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more