CVE-2025-13845

HIGH

EcoStruxure Power Build Rapsody - Use-After-Free via Malicious SSD Project File Import

Title source: llm

Description

CWE-416: Use After Free vulnerability that could cause remote code execution when an end user imports a malicious project file (SSD file) into Rapsody.

Scores

CVSS v3 7.8
EPSS 0.0004
EPSS Percentile 13.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-416
Status published
Products (14)
Schneider Electric/EcoStruxure Power Build Rapsody BEL (EN) v2.8.3.0100 and prior
Schneider Electric/EcoStruxure Power Build Rapsody BEL (FR) v2.8.8.0100 and prior
Schneider Electric/EcoStruxure Power Build Rapsody ESP v2.8.5.0200 and prior
Schneider Electric/EcoStruxure Power Build Rapsody FR v2.8.1.0300 and prior
Schneider Electric/EcoStruxure Power Build Rapsody INT (EN) v2.8.4.0300 and prior
Schneider Electric/EcoStruxure Power Build Rapsody NL v2.8.2.0000 and prior
Schneider Electric/EcoStruxure Power Build Rapsody PT v2.8.7.0100 and prior
schneider-electric/ecostruxure_power_build_-_rapsody < 2.8.1.0300
schneider-electric/ecostruxure_power_build_-_rapsody < 2.8.2.0000
schneider-electric/ecostruxure_power_build_-_rapsody < 2.8.3.0100
... and 4 more
Published Jan 15, 2026
Tracked Since Feb 18, 2026