IM
IronMonkey Threat Research
‹ Back to ICS Advisories

Schneider Electric PowerChute Serial Shutdown

MEDIUM
CVSS 6.1
Date 2026-07-09T06:00:00+00:00
Source cisa-csaf
Published by CISA

// Description

We strongly recommend the following industry cybersecurity best practices. * Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. * Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks. * Place all controllers in locked cabinets and never leave them in the “Program” mode. * Never connect programming software to any network other than the network intended for that device. * Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks. * Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation. * Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the Internet. * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices. For more information refer to the Schneider Electric [Recommended Cybersecurity Best Practices](https://www.se.com/us/en/download/document/7EN52-0390/) document.

// Vulnerabilities (7)

CVE ID CVSS Score Severity Description
CVE-2026-2400 4.3 medium
CVE-2026-2400. CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that could cause application user credentials to reset when a Web Admin user alters the POST /setPCBEDesc request payload.
CVE-2026-2401 2.8 low
CVE-2026-2401. CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause confidential information to be exposed when a Web Admin user executes a malicious file provided by an attacker.
CVE-2026-2405 4.3 medium
CVE-2026-2405. CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive troubleshooting zip file creation and denial of service when a Web Admin user floods the system with POST /helpabout requests.
CVE-2026-2402 5.3 medium
CVE-2026-2402. CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the user account by performing an arbitrary number of authentication attempts with different credentials on a sequence of requests to multiple endpoints.
CVE-2026-2403 4.3 medium
CVE-2026-2403. CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log truncation impacting log integrity when a Web Admin user alters the POST /logsettings request payload.
CVE-2026-2399 6.1 medium
CVE-2026-2399. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause critical files overwritten with text data when a Web Admin user alters the POST /REST/upssleep request payload.
CVE-2026-2404 5.3 medium
CVE-2026-2404. CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /j_security check request payload.

// Remediations (2)

Patch: Version v1.5 of PowerChute™ Serial Shutdown includes a fix for this vulnerability and is available f
Version v1.5 of PowerChute™ Serial Shutdown includes a fix for this vulnerability and is available for download here: • Linux: https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/ Specific instructions and hardening guidelines for these mitigations can be found in the [Security Handbook](https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN).
Patch: Version v1.5 of PowerChute™ Serial Shutdown includes a fix for this vulnerability and is available f
Version v1.5 of PowerChute™ Serial Shutdown includes a fix for this vulnerability and is available for download here: • Windows: https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/ Specific instructions and hardening guidelines for these mitigations can be found in the [Security Handbook](https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN).

// References