Critical Vulnerabilities in Schneider Electric EcoStruxure Power Build Rapsody

Schneider Electric has identified two critical vulnerabilities—**CVE-2025-13844** and **CVE-2025-13845**—in its **EcoStruxure Power Build Rapsody** software. These flaws could allow attackers to execute arbitrary code via malicious project files, leading to memory corruption and potential system compromise. Users are urged to apply patches immediately and follow recommended mitigations to reduce risks.

---
title: "Critical Vulnerabilities in Schneider Electric EcoStruxure Power Build Rapsody"
short_title: "Schneider Electric Rapsody software flaws expose systems"
description: "Schneider Electric patches critical memory corruption vulnerabilities in EcoStruxure Power Build Rapsody. Learn how to mitigate risks and protect industrial systems."
author: "Vitus"
date: 2025-01-24
categories: [Cybersecurity, Vulnerabilities]
tags: [schneider-electric, ecostruxure, cve-2025-13844, cve-2025-13845, industrial-security]
score: 0.85
cve_ids: [CVE-2025-13844, CVE-2025-13845]
---


Main Content

Introduction


Schneider Electric, a global leader in energy management and industrial automation, has issued an urgent advisory addressing critical vulnerabilities in its EcoStruxure Power Build Rapsody software. This software is widely used in energy, critical manufacturing, and commercial facilities to design and manage electrical switchboards. The identified flaws—CVE-2025-13844 and CVE-2025-13845—could enable local attackers to exploit memory corruption issues, potentially leading to arbitrary code execution. This article explores the technical details, impact, and mitigation steps for these vulnerabilities.

---

Key Points


- Critical Vulnerabilities: Two high-severity flaws, CVE-2025-13844 (Double Free) and CVE-2025-13845 (Use After Free), affect Schneider Electric’s EcoStruxure Power Build Rapsody software.
- Exploitation Risk: Attackers can exploit these vulnerabilities by tricking users into importing malicious SSD project files, leading to heap-based or stack-based buffer overflows and arbitrary code execution.
- Affected Versions: Multiple versions of the software across different regions (FR, INT, ES, BEL, PT, NL) are impacted.
- Patch Available: Schneider Electric has released updated versions to address these vulnerabilities. Users must install the patches and restart the service immediately.
- Mitigation Strategies: If patching is not immediately possible, users should only open projects from trusted sources and scan files for malware before importing.

---

Technical Details

#### CVE-2025-13844: Double Free Vulnerability
- CWE-415: This vulnerability involves a Double Free issue, where the software attempts to free the same memory location twice. This can lead to heap memory corruption when a user imports a malicious SSD project file shared by an attacker.
- CVSS Score: 5.3 (Medium Severity)
- Vector String: `CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L`
- Impact: Successful exploitation could allow attackers to execute arbitrary code on the affected system.

#### CVE-2025-13845: Use After Free Vulnerability
- CWE-416: This vulnerability involves a Use After Free issue, where the software references memory after it has been freed. This can lead to remote code execution when a user imports a malicious SSD project file.
- CVSS Score: 7.8 (High Severity)
- Vector String: `CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`
- Impact: Exploitation could result in full system compromise, allowing attackers to gain control over the affected device.

---

Affected Systems


The following versions of EcoStruxure Power Build Rapsody are affected by these vulnerabilities:

| Region | Affected Versions | Patched Versions |
|------------------|------------------------------------------|------------------------------------|
| France (FR) | 2.8.1 and prior | 2.8.1.0401 |
| International (INT) | 2.8.6 and prior | 2.8.6.200 |
| Spain (ES) | 2.8.5 and prior | 2.8.5.0301 |
| Belgium (NL) | 2.8.3 and prior | 2.8.3.0201 |
| Belgium (FR) | 2.8.8 and prior | 2.8.8.0201 |
| Portugal (PT) | 2.8.7 and prior | 2.8.7.0101 |
| International (EN) | 2.8.4 and prior | 2.8.4.0401 |
| Netherlands (NL) | 2.8.2 and prior | 2.8.2.0000 |

---

Impact Assessment


The vulnerabilities pose significant risks to organizations in critical infrastructure sectors, including:
- Energy: Disruption of power distribution systems could lead to outages or safety hazards.
- Critical Manufacturing: Compromise of industrial control systems could halt production lines, causing financial losses.
- Commercial Facilities: Unauthorized access to building management systems could endanger occupants and assets.

Given the high severity of CVE-2025-13845, organizations must prioritize patching to prevent potential remote code execution and system takeover.

---

Mitigation Steps


Schneider Electric has provided the following recommendations to mitigate the risks:

#### 1. Apply Vendor Patches
- Download and install the latest versions of EcoStruxure Power Build Rapsody from Schneider Electric’s [official website](https://www.se.com/ww/en/product-country-selector/?pageType=product-range&sourceId=2309).
- Restart the service after installing the updates.

#### 2. Temporary Mitigations (If Patching Is Delayed)
- Only open project files from trusted sources: Avoid importing SSD files from unknown or unverified origins.
- Scan files for malware: Use antivirus or malware detection tools to scan project files before opening them.
- Isolate critical systems: Ensure that systems running EcoStruxure Power Build Rapsody are isolated from business networks and the internet.

#### 3. General Cybersecurity Best Practices
- Network Segmentation: Locate control and safety system networks behind firewalls and isolate them from business networks.
- Physical Security: Restrict access to industrial control systems and peripheral equipment.
- Remote Access: Use Virtual Private Networks (VPNs) for remote access and ensure they are updated to the latest version.
- Regular Audits: Conduct regular cybersecurity audits to identify and address vulnerabilities in industrial systems.

---

Conclusion


The discovery of CVE-2025-13844 and CVE-2025-13845 in Schneider Electric’s EcoStruxure Power Build Rapsody software underscores the critical importance of proactive cybersecurity measures in industrial environments. Organizations must act swiftly to apply patches, implement mitigations, and adhere to best practices to protect their systems from potential exploitation.

Failure to address these vulnerabilities could result in arbitrary code execution, system compromise, and disruption of critical operations. Stay vigilant, prioritize security updates, and collaborate with Schneider Electric’s cybersecurity teams to safeguard your infrastructure.
