CVE-2024-11139

🗓️ 17 Jan 2025 08:37:24Reported by schneiderType

Vulnerability allows local attackers to execute arbitrary code via malicious project file exploitation.

Reporter	Title	Published	Views	Family All 10
BDU FSTEC	The vulnerability of Schneider Electric EcoStruxure Power Build Rapsody software for designing and configuring electrical systems lies in the fact that operations may occur outside the buffer boundaries of memory, allowing an attacker to execute arbitrary code.	10 Feb 202500:00	–	bdu_fstec
Circl	CVE-2024-11139	17 Jan 202508:44	–	circl
CNNVD	Schneider Electric EcoStruxure Power Build Rapsody 缓冲区错误漏洞	17 Jan 202500:00	–	cnnvd
CVE	CVE-2024-11139	17 Jan 202508:37	–	cve
EUVD	EUVD-2024-34383	3 Oct 202520:07	–	euvd
ICS	Schneider Electric EcoStruxure Power Build Rapsody	14 Jan 202500:00	–	ics
NVD	CVE-2024-11139	17 Jan 202509:15	–	nvd
Positive Technologies	PT-2025-1625 · Schneider Electric · Ecostruxure Power Build - Rapsody	14 Jan 202500:00	–	ptsecurity
RedhatCVE	CVE-2024-11139	23 May 202507:06	–	redhatcve
Vulnrichment	CVE-2024-11139	17 Jan 202508:37	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "EcoStruxure™ Power Build Rapsody",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Version v2.5.2 NL and prior"
      },
      {
        "status": "affected",
        "version": "Version v2.7.1 FR and prior"
      },
      {
        "status": "affected",
        "version": "Version v2.7.5 ES and prior"
      },
      {
        "status": "affected",
        "version": "Version v2.5.4 INT and prior"
      }
    ]
  }
]

Source	Link
download	www.download.schneider-electric.com/files

17 Jan 2025 08:37Current

CVSS 44.6

EPSS0.00228

CWE-119

cve-2024-11139 cwe-119 memory buffer vulnerability arbitrary code execution local attack