Critical Vulnerability in Schneider Electric EcoStruxure Power Build Rapsody Uncovered

Schneider Electric EcoStruxure Power Build Rapsody Vulnerability Disclosed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory detailing a critical vulnerability in Schneider Electric’s EcoStruxure Power Build Rapsody software. The flaw, tracked under ICSA-26-015-10, affects systems used for electrical single-line diagram design and power management in industrial environments.

Key Details

• Affected Product: EcoStruxure Power Build Rapsody (all versions prior to v2.1.13)
• Vulnerability Type: Remote Code Execution (RCE)
• Severity: High (CVSS score pending; exact details in CSAF advisory)
• Disclosure Date: January 15, 2026
• Patch Availability: Schneider Electric has released version 2.1.13 to mitigate the issue

Technical Overview

The vulnerability stems from improper input validation in the software’s handling of project files. An attacker could exploit this flaw by crafting a malicious file, which, when opened by a user, executes arbitrary code with the privileges of the affected application. This poses significant risks in operational technology (OT) environments where EcoStruxure Power Build Rapsody is deployed for power system design and management.

While CISA has not provided a specific CVE ID in the initial advisory, the CSAF (Common Security Advisory Framework) document contains full technical details, including exploitation vectors and mitigation steps.

Impact Analysis

• Remote Exploitation: Attackers could gain control of affected systems without physical access, potentially disrupting critical power infrastructure.
• Privilege Escalation: Successful exploitation may allow attackers to elevate privileges, leading to broader network compromise.
• OT Environment Risks: Given the software’s role in industrial power systems, exploitation could result in operational downtime, safety hazards, or data breaches.

Recommendations

1. Immediate Patch Deployment: Organizations using EcoStruxure Power Build Rapsody should upgrade to version 2.1.13 without delay.
2. File Validation: Restrict the opening of untrusted project files until the patch is applied.
3. Network Segmentation: Isolate systems running the affected software from broader IT networks to limit lateral movement.
4. Monitoring: Implement enhanced logging and anomaly detection for suspicious activity related to the application.
5. Review CSAF Advisory: Security teams should analyze the full CSAF document for additional technical guidance.

CISA encourages users and administrators to report exploitation attempts or vulnerabilities via its reporting portal.