Schneider-Electric: >> Ecostruxure Power Build - Rapsody Security Vulnerabilities
CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file (SSD file) shared by the attacker into Rapsody.
CVSS Score
8.4
EPSS Score
0.0
Published
2026-01-15
CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Rapsody.
CVSS Score
8.4
EPSS Score
0.0
Published
2026-01-15
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a use-after-free condition which could result in remote code execution when a malicious SSD file is uploaded and improperly parsed.
CVSS Score
7.8
EPSS Score
0.007
Published
2021-01-26
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a stack-based buffer overflow to occur which could result in remote code execution when a malicious SSD file is uploaded and improperly parsed.
CVSS Score
7.8
EPSS Score
0.014
Published
2021-01-26