TL;DR

A critical vulnerability in Schneider Electric's EcoStruxure Power Build allows attackers to execute arbitrary code via malicious SSD files.

What happened

  • Schneider Electric's EcoStruxure Power Build contains a memory corruption flaw

Why it matters for ops

  • Remote attackers can exploit this issue to run arbitrary code on affected systems
  • User interaction is required for exploitation, such as opening a malicious file or visiting an untrusted website

Mitigation

  • Apply patches provided by Schneider Electric for CVE-2025-13845
  • Avoid opening untrusted or unfamiliar files

Action items

  • Update to the latest version of EcoStruxure Power Build
  • Monitor systems for suspicious activity related to SSD file parsing

Detection IOCs

  • Suspicious memory corruption in the SSD file parsing process
  • Unexpected behavior after processing SSD files from unknown sources

Source link

http://www.zerodayinitiative.com/advisories/ZDI-26-092/