CVE-2024-11139

🗓️ 17 Jan 2025 08:37:24Reported by schneiderType

Vulnerability CVE-2024-11139 enables code execution via malicious project file exploitation.

Reporter	Title	Published	Views	Family All 10
BDU FSTEC	The vulnerability of Schneider Electric EcoStruxure Power Build Rapsody software for designing and configuring electrical systems lies in the fact that operations may occur outside the buffer boundaries of memory, allowing an attacker to execute arbitrary code.	10 Feb 202500:00	–	bdu_fstec
Circl	CVE-2024-11139	17 Jan 202508:44	–	circl
CNNVD	Schneider Electric EcoStruxure Power Build Rapsody 缓冲区错误漏洞	17 Jan 202500:00	–	cnnvd
Cvelist	CVE-2024-11139	17 Jan 202508:37	–	cvelist
EUVD	EUVD-2024-34383	3 Oct 202520:07	–	euvd
ICS	Schneider Electric EcoStruxure Power Build Rapsody	14 Jan 202500:00	–	ics
NVD	CVE-2024-11139	17 Jan 202509:15	–	nvd
Positive Technologies	PT-2025-1625 · Schneider Electric · Ecostruxure Power Build - Rapsody	14 Jan 202500:00	–	ptsecurity
RedhatCVE	CVE-2024-11139	23 May 202507:06	–	redhatcve
Vulnrichment	CVE-2024-11139	17 Jan 202508:37	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "EcoStruxure™ Power Build Rapsody",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Version v2.5.2 NL and prior"
      },
      {
        "status": "affected",
        "version": "Version v2.7.1 FR and prior"
      },
      {
        "status": "affected",
        "version": "Version v2.7.5 ES and prior"
      },
      {
        "status": "affected",
        "version": "Version v2.5.4 INT and prior"
      }
    ]
  }
]

Source	Link
download	www.download.schneider-electric.com/files

17 Jun 2026 06:57Current

7.6High risk

Vulners AI Score7.6

CVSS 44.6

EPSS0.00228

SSVC

CWE-119