← Back to home
ICSA-25-153-02  ·  Published 2025-05-13  ·  View on CISA ICS-CERT ↗

Schneider Electric EcoStruxure Power Build Rapsody

CVSS 5.3 MEDIUM

CVEs (1)

Remediations

  • Version v2.8.1 FR of EcoStruxure™ Power Build–Rapsody includes a fix for this vulnerability and is available for download here: https://www.se.com/ww/en/product-range/2309-ecostruxure-power-buildrapsody/#overview Please reboot after installing the new version.
  • If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit: • Store the project files in a secure storage and restrict the access to only trusted users • When exchanging files over the network, use secure communication protocols • Encrypt project files when stored • Only open project files received from trusted source • Compute a hash of the project files and regularly check the consistency of this hash to verify the integrity before usage • Harden the workstation running EcoStruxure™ Power Build Rapsody To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service here: https://www.se.com/en/work/support/cybersecurity/security-notifications.jsp

Affected Vendors

Schneider Electric

Affected Products (2)

Schneider Electric · EcoStruxure™ Power Build Rapsody software <=2.7.12_FR
Schneider Electric · EcoStruxure™ Power Build Rapsody software 2.8.1_FR

Affected Sectors

Energy

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more