Sign-up

ID

VAR-202505-1714


CVE

CVE-2025-3916


TITLE

Schneider Electric EcoStruxure Power Build Rapsody Stack Buffer Overflow Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-12302

DESCRIPTION

CWE-121: Stack-based Buffer Overflow vulnerability exists that could cause local attackers being able to exploit these issues to potentially execute arbitrary code while the end user opens a malicious project file (SSD file) provided by the attacker. Schneider Electric EcoStruxure Power Build Rapsody is a power monitoring platform of Schneider Electric of France

Trust: 1.44

sources: NVD: CVE-2025-3916 // CNVD: CNVD-2025-12302

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-12302

AFFECTED PRODUCTS

vendor:schneidermodel:electric ecostruxure power build rapsody frscope:lteversion:<=v2.7.12

Trust: 0.6

sources: CNVD: CNVD-2025-12302

CVSS

SEVERITY

CVSSV2

CVSSV3

cybersecurity@se.com: CVE-2025-3916
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2025-12302
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-12302
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2025-12302 // NVD: CVE-2025-3916

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

sources: NVD: CVE-2025-3916

PATCH

title:Patch for Schneider Electric EcoStruxure Power Build Rapsody Stack Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/696111

Trust: 0.6

sources: CNVD: CNVD-2025-12302

EXTERNAL IDS

db:NVDid:CVE-2025-3916

Trust: 1.6

db:SCHNEIDERid:SEVD-2025-133-03

Trust: 1.6

db:CNVDid:CNVD-2025-12302

Trust: 0.6

sources: CNVD: CNVD-2025-12302 // NVD: CVE-2025-3916

REFERENCES

url:https://download.schneider-electric.com/files?p_doc_ref=sevd-2025-133-03&p_endoctype=security+and+safety+notice&p_file_name=sevd-2025-133-03.pdf

Trust: 1.6

sources: CNVD: CNVD-2025-12302 // NVD: CVE-2025-3916

SOURCES

db:CNVDid:CNVD-2025-12302
db:NVDid:CVE-2025-3916

LAST UPDATE DATE

2025-06-15T23:45:49.851000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-12302date:2025-06-12T00:00:00
db:NVDid:CVE-2025-3916date:2025-05-13T19:35:18.080

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-12302date:2025-06-12T00:00:00
db:NVDid:CVE-2025-3916date:2025-05-13T09:15:21.027