Multiple Vulnerabilities in Schneider Electric PowerChute Serial Shutdown Threaten Critical Infrastructure
CISA has issued an advisory detailing multiple vulnerabilities in Schneider Electric's PowerChute Serial Shutdown software, versions 1.4 and prior, posing significant risks to industrial control systems.

Multiple vulnerabilities have been identified in Schneider Electric's PowerChute Serial Shutdown software, affecting versions 1.4 and earlier. These security flaws, detailed in a CISA ICS Advisory, could allow attackers to gain unauthorized access, disrupt operations, and compromise sensitive data within critical infrastructure environments.
The vulnerabilities span several categories, including path traversal, excessive authentication attempts, resource consumption, CRLF injection, and improper input validation. Successful exploitation of these weaknesses could lead to attackers overwriting critical system files, injecting malicious data into logs, gaining unauthorized account access, causing denial-of-service conditions, altering logging information, resetting user credentials, or exposing sensitive information. The advisory highlights that these issues are present in PowerChute Serial Shutdown versions 1.4 and prior.
Specifically, CVE-2026-2399 relates to improper restriction of file paths, enabling attackers to overwrite critical system files. CVE-2026-2404 addresses improper output encoding, allowing crafted input to be reflected in log files in unexpected ways. Other identified vulnerabilities include improper restriction of excessive authentication attempts, uncontrolled resource consumption, improper validation of specified quantity in input, and improper neutralization of CRLF sequences, commonly known as CRLF injection.
The affected software, PowerChute Serial Shutdown, is deployed globally across critical infrastructure sectors such as Communications, Critical Manufacturing, Energy, Healthcare and Public Health, Information Technology, and Transportation Systems. The potential impact of these vulnerabilities is significant, given the software's role in managing power infrastructure and its deployment in sensitive environments.
Schneider Electric, in conjunction with SuSE, Red Hat, and Microsoft, has released version 1.5 of PowerChute Serial Shutdown, which includes fixes for these vulnerabilities. Users are strongly advised to upgrade to version 1.5 to mitigate the risks associated with these security flaws. Download links for both Windows and Linux versions are provided in the advisory.
In addition to the vendor fix, users are encouraged to consult the Security Handbook for specific mitigation instructions and hardening guidelines. The advisory also references Schneider Electric's CPCERT security advisory SEVD-2026-104-01 for more detailed information regarding these multiple vulnerabilities.
The Common Vulnerability Scoring System (CVSS) v3.1 base score for some of these vulnerabilities is rated at 6.1 (MEDIUM), with a CVSS v4.0 score of 6.9 (MEDIUM). While not rated as critical, the potential for system file overwrites, denial-of-service, and sensitive data exposure in industrial control systems warrants immediate attention and remediation.
This advisory underscores the ongoing challenges in securing operational technology (OT) environments, where vulnerabilities in management software can have far-reaching consequences for critical infrastructure reliability and security. Prompt patching and adherence to security best practices are crucial for defending against potential cyber threats.