Schneider Electric EcoStruxure Power Build Rapsody Double Free Vulnerability Allowing Heap Memory Corruption

Vulnerability

A double free vulnerability has been identified in Schneider Electric's EcoStruxure Power Build Rapsody software, specifically in versions 2.8.1 and prior, 2.8.6 and prior, 2.8.5 and prior, 2.8.3 and prior, and 2.8.8 and prior. This vulnerability could lead to heap memory corruption when a user imports a malicious project file (SSD file) into Rapsody. The issue arises from improper memory management: an attacker can craft a project file that causes memory corruption when it is opened.

Impact

Exploitation of this vulnerability can result in heap memory corruption, potentially leading to a heap-based buffer overflow. Such memory corruption issues could be exploited by local attackers to execute arbitrary code.

Remediation

Users can upgrade to EcoStruxure Power Build Rapsody versions 2.8.1.0401, 2.8.6.200, 2.8.5.0301, 2.8.3.0201, 2.8.8.0201, 2.8.4.0401, or 2.8.2.000 to address this vulnerability. After installing the new version, it is recommended to restart the service. For those who choose not to apply the update, it is advised to only open projects from trusted sources and to conduct malware scans on any externally created projects before opening them in Rapsody.

Added: Jan 15, 2026, 7:25 PM
Updated: Jan 15, 2026, 7:25 PM

Vulnerability Rating

Custom Algorithm

spread: 4.2
impact: 1.9
exploitability: 4.2
remediation: 8.3
relevance: 2.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.