{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/cpes/cpe2.3aschneider-electricpowerchute_serial_shutdown/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:schneider-electric:powerchute_serial_shutdown:*:*:*:*:*:*:*:*"],"_cs_cves":[{"cvss":6.1,"id":"CVE-2026-2399"},{"cvss":6.5,"id":"CVE-2026-2405"},{"cvss":4.3,"id":"CVE-2026-2403"},{"cvss":4.3,"id":"CVE-2026-2400"},{"cvss":5,"id":"CVE-2026-2401"}],"_cs_exploited":true,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["PowerChute Serial Shutdown (\u003c=1.4)"],"_cs_severities":["high"],"_cs_tags":["ics","ot","vulnerability","path-traversal","crlf-injection","dos","log-tampering","critical-infrastructure"],"_cs_type":"threat","_cs_vendors":["Schneider Electric","SuSE","Red Hat","Microsoft"],"content_html":"\u003cp\u003eCISA has issued an advisory regarding multiple vulnerabilities affecting Schneider Electric PowerChute Serial Shutdown software, versions 1.4 and prior. These vulnerabilities, including CVE-2026-2399 (Path Traversal), CVE-2026-2404 (Improper Output Encoding), CVE-2026-2405 (Excessive Authentication Attempts), CVE-2026-2403 (Uncontrolled Resource Consumption), CVE-2026-2400 (Improper Input Validation), and CVE-2026-2401 (CRLF Injection and Sensitive Information in Log), pose significant risks. Successful exploitation could lead to critical system file overwrites, log data manipulation, unauthorized account access, denial-of-service, and sensitive information exposure. The affected software is deployed globally across critical infrastructure sectors such as Communications, Critical Manufacturing, Energy, Healthcare, Information Technology, and Transportation Systems. While no active exploitation has been reported, the potential impact on critical operations necessitates immediate attention from defenders.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains adjacent network access to the host running Schneider Electric PowerChute Serial Shutdown (implied by CVSS AV:A).\u003c/li\u003e\n\u003cli\u003eThe attacker acquires high-privilege credentials for the PowerChute application (implied by CVSS PR:H).\u003c/li\u003e\n\u003cli\u003eLeveraging CVE-2026-2399, the attacker crafts a malicious input string containing path traversal sequences (e.g., \u003ccode\u003e../../\u003c/code\u003e) targeting PowerChute's file handling functions.\u003c/li\u003e\n\u003cli\u003eThe crafted input is submitted through an authenticated interface, leading to the overwrite of critical system files or unauthorized file creation.\u003c/li\u003e\n\u003cli\u003eThrough CVE-2026-2404 and CVE-2026-2401, the attacker injects malformed data into a PowerChute input field to exploit improper output encoding or CRLF injection.\u003c/li\u003e\n\u003cli\u003eThis causes PowerChute to log the crafted data, potentially leading to log file poisoning, tampering, or injection of malicious content.\u003c/li\u003e\n\u003cli\u003eExploiting CVE-2026-2403 or CVE-2026-2400, the attacker triggers conditions that lead to uncontrolled resource consumption or malformed input processing, causing a denial-of-service (DoS) on the PowerChute application.\u003c/li\u003e\n\u003cli\u003eThe attacker attempts to reset user credentials by repeatedly triggering authentication attempts (CVE-2026-2405) or exfiltrates sensitive information exposed in manipulated log files (CVE-2026-2401).\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of these vulnerabilities could have severe consequences for organizations relying on Schneider Electric PowerChute Serial Shutdown. Attackers could gain unauthorized control over critical system files, leading to system instability, data corruption, or even complete system compromise. Log data manipulation could hinder forensic analysis and incident response efforts, while denial-of-service attacks could disrupt critical operations, particularly in sectors like Energy and Manufacturing where PowerChute manages UPS systems. Exposure of sensitive information could lead to further compromise or compliance violations. The vulnerabilities affect systems worldwide, making the potential for widespread disruption significant if not patched.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately update Schneider Electric PowerChute Serial Shutdown to version 1.5 or later to address CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, and CVE-2026-2401.\u003c/li\u003e\n\u003cli\u003eReview the Schneider Electric Security Handbook referenced in the advisory (\u003ca href=\"https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN\"\u003ehttps://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN\u003c/a\u003e) for specific hardening guidelines and mitigation strategies applicable to your environment.\u003c/li\u003e\n\u003cli\u003eEnsure proper network segmentation to limit adjacent network access to PowerChute Serial Shutdown installations, as specified by the CVSS vector (AV:A).\u003c/li\u003e\n\u003cli\u003eImplement strong authentication policies and monitor for excessive authentication attempts, which could indicate exploitation of CVE-2026-2405.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-09T15:56:37Z","date_published":"2026-07-09T15:56:37Z","id":"https://feed.craftedsignal.io/briefs/2026-07-schneider-electric-powerchute-vulnerabilities/","summary":"Multiple vulnerabilities, including CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, and CVE-2026-2401, in Schneider Electric PowerChute Serial Shutdown versions 1.4 and prior could allow attackers with adjacent network access and high privileges to overwrite critical system files via path traversal, forge or inject malicious log data, gain unauthorized account access through excessive authentication attempts, trigger denial-of-service conditions, or expose sensitive information.","title":"Multiple Vulnerabilities in Schneider Electric PowerChute Serial Shutdown","url":"https://feed.craftedsignal.io/briefs/2026-07-schneider-electric-powerchute-vulnerabilities/"}],"language":"en","title":"CraftedSignal Threat Feed - Cpe:2.3:a:schneider-Electric:powerchute_serial_shutdown:*:*:*:*:*:*:*:*","version":"https://jsonfeed.org/version/1.1"}