Schneider-Electric: >> Ecostruxure Power Build - Rapsody Security Vulnerabilities
CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file (SSD file) shared by the attacker into Rapsody.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-01-15
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a use-after-free condition which could result in remote code execution when a malicious SSD file is uploaded and improperly parsed.
CVSS Score
7.8
EPSS Score
0.007
Published
2021-01-26
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a stack-based buffer overflow to occur which could result in remote code execution when a malicious SSD file is uploaded and improperly parsed.
CVSS Score
7.8
EPSS Score
0.014
Published
2021-01-26